GlobalProtect on Android - what a pain

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

GlobalProtect on Android - what a pain

L2 Linker

Hi everyone! I'm in the process of implementing VM-50 along with GP on a small network with adults and children. The idea is to make successful parent control of what kids can and cannot do and, at the same time, grant more privileges to adults/parents. To have this implemented all packets from/to kids' phones/laptops have to go through the PA FW and be SSL decrypted where possible. My aim is to do my best to prevent kids from getting to undesirable content/sites. So far I have reached some success installing GlobalProtect everywhere and locking it to always-on mode, but... guys, what's the purpose of having the "always-on" mode when a user can simply uninstall the app from the phone?


Moreover, the app itself can be easily killed by the OS (one of boys launched angry birds, and the Android OS simply killed the GP process) and, after that the app never returns back to work, or sometimes it just hangs when a phone is roaming from WiFi network to 4G and back. This feature with "network enforcement" is simply not working in Android (we use various Samsung and Lenovo devices). If the app forgets to bring the VPN up, the phone is haveing direct connection to the 4G network and obviously no filtering is in effect.


Next, why does it bring the VPN up when it's sitting in its own internal network? Why can't the android app check if the internal host is accessible and switch it to the internal mode automatically without going to the menu and pressing "Refresh connection" item ? It's working normally on a windows based PC, but on Android the App builds the VPN over internal network to the firewall. Why does it do that? 


So, dear GP developers, you have to hire someone who knows how to make an app persistent. I also installed in children's devices Kaspersky Safe kids, and hello, it's always up, it cannot be killed, it cannot be uninstalled without authorization, it's always booting along with the OS. Why can't you make your GP working in the same way ?





L7 Applicator

I am sorry to hear that you are having these issues with GP on Android.


I cannot answer all of your questions, but I can tell you that there are many reasons that the option to connect or not to connect while on a private network. In the GP setup you have Internal and External Gateways.  You would think, I am inside of the network, why do I need to connect to GP?  There are many reasons, for privacy (depending on the size of the network) as well as for User-ID.  It will help identify who you are to allow for better access control, etc. 


As far as these issues, I would recommend that you contact support and talk with them about these persistent issues. If they are not told, they will not be able to report them to the developers to fix in future versions.

LIVEcommunity team member
Stay Secure,
Don't forget to Like items if a post is helpful to you!
  • 1 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!