GlobalProtect Prompting Network Filter on macOS

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

GlobalProtect Prompting Network Filter on macOS

L0 Member

We're running macOS Ventura clients and deploying GlobalProtect 5.2.12-26


We’ve been deploying GlobalProtect for the last year without profiles, No issues. We made a recent change to do HIP checks on endpoints, like verify Jamf is running before you can connect to VPN. We then added an exclusion for a domain and list of IPs to not go through the full tunnel.


Users then started getting the prompt to install system extensions. No big deal, I followed the Enable GlobalProtect System Extensions on macOS Endpoints Using Jamf Pro to push a profile to allow ...


But as soon as the profile installs, you get a second prompt to install a network filter (guessing this because of the domain exclusion?). If you click "Allow", it requires admin rights, which is a problem for our standard users. I can’t figure out how how to suppress/allow this with a profile. And GlobalProtects documentation doens’t seem to have a solution, that I’ve seen. It’s also showing as a Transparent Proxy and not a content filter in system settings.


I've gone through all the documentation here:

Enable System and Network Extensions on macOS Endpoints Using Jamf Pro

Add a Configuration Profile for the GlobalProtect Enforcer Using Jamf Pro 10.26.0


 Has anyone else seen this before and know how to create a profile?





GP connects and prompts for network filterGP connects and prompts for network filter


Then prompts for admin rightsThen prompts for admin rights



GP creates a transparent proxy in the network settingsGP creates a transparent proxy in the network settings







Cyber Elite
Cyber Elite

Hi @nic.scott ,


That's strange.  Your 2nd URL has sections for Network Filter Bundle Identifier and Network Filter Designated Requirement.  I guess those didn't work?  Here's another doc that provides more details ->  Maybe that has the info you need.  Both docs say they can suppress the popups.





Help the community: Like helpful comments and mark solutions.

When I try the 2ND url in my post and install that profile, it creates a separate "Content Filter" and not a "Transparent Proxy" but then it bricks my GlobalProtect client. I can't connect at all until I uninstall the profile and then restart my computer. I haven't seen anything in official docs about the "Transparent Proxy".


I also tried to install the 4 signed profiles at the bottom of this page, doesn't resolve the issue.


GlobalProtectEN Content Filter InstalledGlobalProtectEN Content Filter Installed


After installing the content filter profileAfter installing the content filter profile


Cyber Elite
Cyber Elite

Hi @nic.scott ,


I have MacOS Ventura, and I installed GP manually.  I enabled system extensions just in case I needed to use those features in the future.  I didn't get the specific Filter Network Content popup like you.  I got a generic System Extension Blocked.  I think this enables all system extensions.  I currently have the GP Transparent Proxy listed under my filters, but no Content Filter.


So, the Transparent Proxy looks normal.  It also looks like there is an error in the docs on how to suppress the Filter Network Content even though it specifically says that is what it does.  Both docs are written for Catalina.  Maybe it doesn't work on Ventura.


Sorry that I was not able to help.  You may need to open a TAC case.





Help the community: Like helpful comments and mark solutions.
  • 3 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!