Skip to main content
Solved

Global Protect System Extension

  • November 26, 2025
  • 2 replies
  • 75 views
L
Forum|alt.badge.img+7

Hi All, 

 

Can someone help me with Global System Extension to the Global Protect package to be deploy from Jamf Pro to Devices? the Global System extension need to be excutable with the deploy as well?

 

Thanks in Advance

Best answer by Lion55

Hi All, 

This script I created was the best script on deployment for the GlobalProtect package and System Extension, I thought I would share this script for anyone that needs this script.

 

#!/bin/bash
 
# Script to enable GlobalProtect system extension
 
# Define the GlobalProtect system extension identifier
EXTENSION_ID="com.paloaltonetworks.GlobalProtect.client.extension"
 
# Check if the system extension is already enabled
if ! systemextensionsctl list | grep -q "$EXTENSION_ID"; then
    echo "GlobalProtect system extension is not enabled. Attempting to enable it..."
    
    # Enable the system extension
    systemextensionsctl install "$EXTENSION_ID"
    
    # Check if the extension was successfully enabled
    if systemextensionsctl list | grep -q "$EXTENSION_ID"; then
        echo "GlobalProtect system extension has been successfully enabled."
    else
        echo "Failed to enable GlobalProtect system extension."
        exit 1
    fi
else
    echo "GlobalProtect system extension is already enabled."
fi
 
exit 0 

2 replies

ktrojano
Forum|alt.badge.img+21
  • ktrojano
  • Jamf Heroes
  • November 26, 2025

@Lion55 If I remember correctly, we deployed the config profile with the system extensions first. Then we had a smart group with the criteria “has global protect” profile. The Global protect install package was then scooped to the smart group. I writing this from memory as we don’t use Global Protect any longer.

Kim Trojanowski
    E
    Forum|alt.badge.img+8
    • efil4xiN
    • Valued Contributor
    • November 26, 2025

    This is correct .

    https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/mobile-endpoint-management/manage-the-globalprotect-app-using-jamf/manage-the-globalprotect-app-for-macos-using-jamf-pro/deploy-the-globalprotect-mobile-app-using-jamf

    L
    Forum|alt.badge.img+7
    • Lion55
    • Author
    • Contributor
    • Answer
    • December 8, 2025

    Hi All, 

    This script I created was the best script on deployment for the GlobalProtect package and System Extension, I thought I would share this script for anyone that needs this script.

     

    #!/bin/bash
     
    # Script to enable GlobalProtect system extension
     
    # Define the GlobalProtect system extension identifier
    EXTENSION_ID="com.paloaltonetworks.GlobalProtect.client.extension"
     
    # Check if the system extension is already enabled
    if ! systemextensionsctl list | grep -q "$EXTENSION_ID"; then
        echo "GlobalProtect system extension is not enabled. Attempting to enable it..."
        
        # Enable the system extension
        systemextensionsctl install "$EXTENSION_ID"
        
        # Check if the extension was successfully enabled
        if systemextensionsctl list | grep -q "$EXTENSION_ID"; then
            echo "GlobalProtect system extension has been successfully enabled."
        else
            echo "Failed to enable GlobalProtect system extension."
            exit 1
        fi
    else
        echo "GlobalProtect system extension is already enabled."
    fi
     
    exit 0 

    Terms & ConditionsCookie settingsAccessibility statement