Well so here's the deal, I can guarantee that 5.1.6 and 5.2.2, and 5.2.3 all work without issue on macOS 10.15.6 and 10.15.7. So to say it's not tested and that nobody can use GlobalProtect agents above 5.0 is just not correct. Now if you look at one of the machines that have stopped working, you'll likely find under the user's security preferences that macOS has stopped the new system extension from being loaded, and the user simply need to allow it for the first time to get things to function properly again.
While this could be smother for the user, Apple doesn't make that as easy as you would think to actually prompt the user that additional permissions are required during the upgrade process. That's either something you manage from the MDM side, or communicate to users as you deploy the update if you don't manage those endpoints. It's an annoyance, but it's one that really falls under Apple.
I have plenty of macOS users deployed throughout the 5.1 and 5.2 releases without issue, and PAN themselves have a very large fleet of macOS devices all running GlobalProtect. The agent when properly configured and granted the proper permissions works perfectly fine.
Sorry, but I think I didn't explain myself correctly.
I'm already aware that starting from MacOS version 10.13, you have to allow the usage of the GP app in Security & Privacy (or during its installation), as described in the below link (in section # 8), but this is not the case here!
The GP adapter can establish a connection to the firewall, but although we're using a Split Tunnel, some users have issues reaching the Internet, while others can't reach some internal resources we configured in Domain Split Tunnel.
I've asked our MacOS users to check in Security & Privacy whether there's another option to allow the new extensions, but there's nothing there!
So far, I noticed this issue in MacOS versions 10.15.3, 10.15.5, 10.15.6, & 10.15.7.
The users get the notifications to allow the NE (Network Extensions), they allow them, but it doesn't help!
The only time it helped was when I instructed a user with version 10.15.3 to update to 10.15.7.
During the update the notifications appeared, he allowed them, & then the problem was fixed.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!