So we're moving to a newer version of Global Protect, 5.1.4 from 5.0.4, and have PPPC settings via Configuration Profile allowing access to the Download, Desktop, and Documents folders explicitly - just to reduce the number of click thru's required and potential calls from employees.
The changes in 5.1.4 seems to require an addition to the PPPC settings since apparently the bundle now has an additional '.client' at the end of it. I made the additions but something is still off and and the requests for access are still coming through.
Wondering if anybody else has run into this also or has any ideas.
Looks correct, right? Weird.
This is the output of codesign -dr - /Applications/GlobalProtect.app
Executable=/Applications/GlobalProtect.app/Contents/MacOS/GlobalProtect designated => identifier "com.paloaltonetworks.GlobalProtect.client" and anchor apple generic and certificate 1[field.1.2.840.1136220.127.116.11.6] /* exists */ and certificate leaf[field.1.2.840.113618.104.22.168.13] /* exists */ and certificate leaf[subject.OU] = PXPZ95SK77
I did use that to create the PPPC originally. Wouldn't shock me if PAN did something weird with GlobalProtect
That is a PaloAlto System Engineer support answer:
"We do not currently qualify JAMF as a Mac management vendor. This is why our TAC does not have complete instructions for deploying GlobalProtect with JAMF. There is an existing feature request to support this and "company" has been added as a customer interested in this. However, there is not currently any timeline or commitment for it.
Have you worked with JAMF? I have no experience with it and my inquiries to other colleagues have yielded no additional information. "
Unfortunetly, I do not have GP support account yet.
@mbezzo On Catalina GP 5.2.x will use a System Extension unless you're using the option in GP 5.2.5-H1 and later to use a Kernel Extension instead: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001UoHCAU