Compatibility Matrix
What Features Does GlobalProtect Support?
Table of Contents
What Features Does GlobalProtect Support?
Review the features that GlobalProtect™ supports based on the platform operating system
(OS).
The following table lists the features supported on
GlobalProtect™ by operating system (OS). An entry in the table indicates
the first supported release of the feature on the OS (however, you
should review the End-of-Life Summary to
ensure you are using a supported release). A dash (“—”) indicates
that the feature is not supported. For recommended minimum GlobalProtect
app versions, see Where Can I Install the GlobalProtect App?.
For Chromebook and other Chrome OS devices, use Android App 5.0 or a later version to get
GlobalProtect app features introduced in GlobalProtect app 5.0 and later releases.
(Refer also to the end-of-life (EoL) information for the
GlobalProtect app.)
Feature | Android | iOS | Chrome | Windows | Windows 10 UWP | macOS | Linux |
---|---|---|---|---|---|---|---|
Authentication | |||||||
SAML Authentication | 4.0.0 | 4.0.0 (On-Demand connect method only) | 4.1.0 | 4.0.0 | — | 4.0.0 | 5.1 (GUI-based GlobalProtect app) |
SAML Authentication with Cloud
Authentication Service Note: Requires use of Default System Browser | 6.0.0 | 6.0.0 (On Demand connect method only) | 6.0.0 | 6.0.0 | — | 6.0.0 | 6.0.0 |
Expired Active Directory Password Change for Remote Users | 4.1.0 | 4.1.0 (notifications only) 5.0.0 (full support) | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | — |
Mixed Authentication Method Support or Certificates or User Credentials | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 |
Single Sign-On (SSO) | |||||||
SSO (Credential Provider) | — | — | — | 1.2.0 | — | — | — |
SAML SSO | 5.1.0 | 5.2.0 | 5.1.0 | 5.2.0 | — | 5.2.0 | 5.2.0 |
VPN Connections | |||||||
IPSec | 1.3.0 | 1.3.0 | 3.1.1 | 1.0.0 | — | 1.0.0 | 4.1.0 |
SSL | 1.3.0 | 1.3.0 | 3.1.1 | 1.0.0 | 3.1.3 | 1.0.0 | 4.1.0 |
Clientless VPN | — (no client required) | — (no client required) | — (no client required) | — (no client required) | — (no client required) | — (no client required) | — (no client required) |
Connect Methods | |||||||
1.3.0 | 1.3.0 | 5.0.0 (through extended support for the GlobalProtect app for
Android) | 1.0.0 | 3.1.3 (Always On configured from third-party MDM) | 1.0.0 | 4.1.0 | |
Connection Priority | |||||||
Internal Gateway Selection by Source IP Address | 4.0.0 (Except DHCP options) | 4.0.0 (Except DHCP options) | — | 4.0.0 | — | 4.0.0 | 4.1.0 |
Modes | |||||||
Internal mode | 1.3.0 | 1.3.0 | — | 1.0.0 | — | 1.0.0 | 4.1 |
External mode | 1.3.0 | 1.3.0 | 3.1.1 | 1.0.0 | 3.1.3 | 1.0.0 | 4.1 |
Networking | |||||||
IPv4 Addressing | 1.3.0 | 1.3.0 | 3.1.1 | 1.0.0 | 3.1.3 | 1.0.0 | 4.1 |
Optimized Split Tunneling for GlobalProtect | — | — | — | 4.1.0 | — | 4.1.0 | 6.1.0 Domain-based split tunneling
only; application-based split tunneling not supported |
Per-App VPN | 4.0.0 | 4.0.0 | |||||
Customization | |||||||
Configurable Maximum Transmission Unit for GlobalProtect Connections | 5.2.4 | 5.2.4 | 5.2.4 | 5.2.4 | 5.2.4 | 5.2.4 | 5.2.4 |
Endpoint Tunnel Configurations Based on Source Region or IP Address | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 |
Portal Configuration Assignment and HIP-Based Access Control Using New Endpoint Attributes | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 | 4.1.0 |
—
|
—
| — | FIPS Validated on 5.1.4 CC Certified on 5.1.5 x86 platforms
FIPS-CC available on 6.0.7 | — | FIPS Validated on 5.1.4 CC Certified on 5.1.5 x86 platforms
FIPS-CC available on 6.0.7 | 6.0.7 | |
Pre-logon tunnel rename timeout | — | — | — | 4.0.2 | — | — | — |
Enforce GlobalProtect for Network Access | — | — | — | 3.1.0 | 3.1.3 (VPN Lockdown configured from third-party MDM) | 3.1.0 | — |
Deployment of SSL Forward Proxy CA certificates in
the trust store | — | — | — | 3.0.0 | — | 3.0.0 | — |
HIP reports | 1.3.0 | 1.3.0 | 3.0.0 | 1.0.0 | 3.1.3 (Host information only; Notifications
not supported) | 1.0.0 | 4.1.0 (Host information only) |
Run scripts before and after sessions | — | — | — | 2.3.0 | — | 2.3.0 | — |
Allow users to disable GlobalProtect | 6.0 | — | — | 2.2.0 | — | 2.2.0 | 4.1.0 |
Welcome and help pages | 1.3.0 | 1.3.0 | 3.0.0 | 1.0.0 | — | 1.0.0 | — |
Extend User Session for GlobalProtect Users
|
—
|
—
|
—
|
6.2.0
|
6.2.0
|
6.2.0
|
—
|
Other | |||||||
GlobalProtect Portal and Gateway Support for TLSv1.3 |
6.0.8, 6.1.3,6.2.1, or later versions
|
6.0.8, 6.1.3,6.2.1, or later versions
|
6.0.8, 6.1.3,6.2.1, or later versions
|
6.0.8, 6.1.3,6.2.1, or later versions
(Minimum version of Windows 11 required)
|
6.0.8, 6.1.3,6.2.1, or later versions
|
6.0.8, 6.1.3,6.2.1, or later versions
|
6.0.8, 6.1.3,6.2.1, or later versions
(Ubuntu 20)
|
Automatic VPN Reconnect for Chromebooks | — | — | 4.1.0 | — | — | — | — |
Support for Native Certificate Store for Prisma Access and GloabProtect App on Linux Endpoints |
—
|
—
|
—
|
—
|
—
|
—
|
6.2.0 or later versions
|
Enhancements for Authentication Using Smart Cards |
—
|
—
|
—
|
6.3.0 or later versions
|
—
|
6.3.1 or later versions
|
—
|
Enhancements for Authentication Using Smart Cards-Removal of Multiple PIN Prompts |
—
|
—
|
—
|
6.3.0 or later versions
|
—
|
6.3.0 or later versions
|
—
|
CLI Support for SAML Authentication with Default Browser for GlobalProtect App on Linux Endpoints |
—
|
—
|
—
|
—
|
—
|
—
|
6.2.1 or later versions
|
(Deprecates Device Block List) | 5.1.0 | 5.1.0 | 5.1.0 | 5.1.0 | 5.1.0 | 5.1.0 | 5.1.0 |