These steps may also apply to users getting this error message: "Connection Failed. Could not connect to the GlobalProtect Service. Make sure the GlobalProtect service is running." 

macOS 15 and Newer

1. Click the Apple icon in the top-left corner.
2. Select System Settings.
3. Select General in the left-hand column.
4. Go to Login Items.
5. Find "Palo Alto Networks" in the list.
6. Click the toggle to allow GlobalProtect as an extension.
   
   • You may need to enter your Mac user name and password.
7. Restart your computer and attempt to log in to the VPN.

Previous macOS Versions

1. Click the Apple icon in the upper left hand corner, then click 'System Preferences', then 'Security'.
2. Look for a message at the bottom of the window stating "System software from developer was blocked from loading."
3. To allow the software to load again, click the Allow button.

This pop-up window may continually appear after starting GlobalProtect.

Attempt the following steps to remove it:

1. Uninstall GlobalProtect - WiscVPN GlobalProtect (macOS) - Uninstalling
2. Install GlobalProtect again - WiscVPN GlobalProtect (macOS) - Installing
3. Set the "Palo Alto Networks" login item to off (for macOS 15 and newer):
   1. Click the Apple icon in the top-left corner.
   2. Select System Settings.
   3. Select General in the left-hand column.
   4. Go to Login Items.
   5. Find "Palo Alto Networks" in the list.
   6. If the toggle is blue, click the toggle to turn it off.
      
      • You may need to enter your Mac user name and password.
4. Restart your computer.
5. Set the "Palo Alto Networks" login item to on following the same steps above.
6. Restart your computer again.
7. Open GlobalProtect and attempt to connect to the VPN - WiscVPN GlobalProtect (macOS) - Connecting and Disconnecting

When GlobalProtect is uninstalled from your macOS computer and a newer version is installed, the old "enforcer kernel extension" may cause connection issues. 

Reference the official Palo Alto documentation to remove the enforcer kernel extension from your computer. 

Your issue could be related to a security setting for the Mac Keychain. Properly restart the computer by clicking restart, and making sure the "Reopen windows when logging back in" is unchecked as shown here:

Once the computer restarts and GlobalProtect restarts upon booting back up, there will eventually be a prompt that pops up. It will ask for permission for GlobalProtect to use confidential information from the Keychain. For example:

The password should be the computer's Admin password, or their Apple ID password. Once the password has been entered, click "Always allow". Afterward, GlobalProtect should be able to move past the "Connecting" phase and will prompt for username and password as usual.

However, if the previous troubleshooting did not work, the issue could persist because Apple added an extra layer of complexity in 10.13. The linked article has all the explanations. OS X blocks signed extensions from loading. It doesn’t load unsigned extensions at all. This is the error message from the logs:

08/22/2018 10:13:17.062325[Error 183]: Failed to load KEXT pangpd_10.9.kext, error sys_libkern:sub_libkern_kext (0x37:0x2:0xd)
    

This approval UI is only present in the Security & Privacy preferences pane for 30 minutes after the alert. Until the user approves the KEXT, future load attempts will cause the approval UI to reappear but will not trigger another user alert. See this Apple page.

Once disabled try to enable the kernel extension for GP under System Preferences > Security & Privacy > General and then by clicking the Allow button. The user then needs to restart after clicking Allow to start the service.

• If the issue persist afterwards, another workaround can be tried. For this, the MAC would need to be booted into recovery mode and then from Terminal issue the command spctl kext-consent add PXPZ95SK77.

1. Boot into Recovery Mode. Instructions can be found here.

   • Click on Utilities in the menu bar.
   • Click on Terminal.

2. run spctl kext-consent add PXPZ95SK77 in the terminal note: PXPZ95SK77 is the unique identifier for Palo Alto Networks

3. Reboot the MAC system.

4. Reinstall GlobalProtect.

For troubleshooting with other versions of MacOS, please refer to the following articles from official PaloAlto GlobalProtect documentation : Remove Enforcer Kernel Extension and Enable Valid Client Certificate usage

If none of the troubleshooting steps in this document help, please call the HelpDesk and an HD agent will personally assist you.