Focus

GlobalProtect

About GlobalProtect Licenses

Table of Contents

Filter

Expand All | Collapse All

GlobalProtect Docs

Administration
Version
- 10.1 & Later
- 9.1 (EoL)
User Guide
Version
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1
New Feature
Version
- 6.1
- 6.0
- 5.1
Release Notes
Version
- 6.3
- 6.2
- 6.1
- 6.0
- 5.1

What OS Versions are Supported with GlobalProtect?

Get Started

About GlobalProtect Licenses

If you want to use GlobalProtect to provide a secure remote access or virtual private network (VPN) solution via single or multiple internal/external gateways, you do not need any GlobalProtect licenses. However, to use some of the more advanced features (such as HIP checks and associated content updates, support for the GlobalProtect mobile app, or IPv6 support) you must purchase an annual GlobalProtect Gateway license. This license must be installed on each firewall running a gateway(s) that:

Performs HIP checks
Supports the GlobalProtect app for mobile endpoints
Supports the GlobalProtect app for Linux endpoints
Provides IPv6 connections
Split tunnels traffic based on the destination domain, application process name, or HTTP/HTTPS video streaming application.
Supports identification of managed devices using the endpoint’s serial number on gateways
Enforces GlobalProtect connections with FQDN exclusions

For GlobalProtect Clientless VPN, you must also install a GlobalProtect Gateway license on the firewall that hosts the Clientless VPN from the GlobalProtect portal. You also need the GlobalProtect Clientless VPN dynamic updates to use this feature.

Feature	Gateway License Required?
Single external gateway (Windows and macOS)	—
Single or multiple internal gateways	—
Multiple external gateways	—
Internet of things (IoT) devices
HIP Checks
Identification of managed devices using the endpoint serial number on gateways
HIP-based policy enforcement based on the endpoint status
App for endpoints running Windows and macOS	—
Mobile app for endpoints running iOS, Android, Chrome OS, and Windows 10 UWP
App for endpoints running Linux
App for endpoints running IoT
IPv6 for external gateways
IPv6 for internal gateways (change to default behavior—starting with GlobalProtect app 4.1.3, a GlobalProtect subscription is not required for this use case)	—
Clientless VPN (Not supported on multi-VSYS firewalls if the Clientless VPN traffic must traverse multiple virtual systems)
Split tunneling based on destination domain, client process, and video streaming application
Split DNS
Enforces GlobalProtect connections with FQDN exclusions

See Activate Licenses for information on installing licenses on the firewall.

What OS Versions are Supported with GlobalProtect?

Get Started

GlobalProtect Docs

About GlobalProtect Licenses

GlobalProtect Docs

About GlobalProtect Licenses

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Experts Corner