Switch Between the Prisma Access Agent and GlobalProtect App (Using the PACli Tool)

Learn how to switch between the Prisma Access Agent and GlobalProtect app using the command line.
To switch between the Prisma Access Agent and the GlobalProtect app, run the Prisma Access command-line tool (PACli). When switching to the GlobalProtect app, the PACli tool will prompt you for the anti-tamper unlock password if the administrator set one up during the onboarding of the Prisma Access Agent. Switching to the desired app disables the app that you're currently using.
  1. To switch from the Prisma Access Agent to the GlobalProtect app:
    1. Run the switchto command to switch agents:
      • On macOS devices, open a Terminal window and issue the following command:
        sudo /Applications/Prisma\ Access\ Agent.app/Contents/Helpers/pacli switchto GlobalProtect
      • On Windows devices, open a Command Prompt window and issue the following command:
        "C:\Program Files\Palo Alto Networks\Prisma Access Agent\pacli" switchto GlobalProtect
    2. (macOS) Enter the admin password when prompted.
    3. If prompted, enter Y to switch to the GlobalProtect app.
    4. If prompted for a supervisor password, enter the anti-tamper unlock password.
      The following text shows an example of switching from the Prisma Access Agent to GlobalProtect on a macOS device:
      <username@hostname> ~ % cd /Applications/Prisma\ Access\ Agent.app/Contents/Helpers
      <username@hostname> Helpers % sudo ./pacli switchto GlobalProtect  
      Enter supervisor password:
      Disabled Prisma Access Agent.
      Starting the GlobalProtect service. This can take up to 60 seconds...
      Successfuly started GlobalProtect. Switch complete.
      <username@hostname> Helpers % 
      This action stops the Prisma Access Agent service, and starts the GlobalProtect service. An entry is written to the Prisma Access Agent logs indicating that the Prisma Access Agent has been disabled. For example, the following events are logged:
      <username@hostname> ~ % cd /Applications/Prisma\ Access\ Agent.app/Contents/Helpers
      <username@hostname> Helpers % ./pacli event
      .
      .
      740      2024-12-11 23:20:57  Tamper Detection   Agent is disabled
      741      2024-12-11 23:20:57  Agent Tunnel       Tunnel disconnected
      .
      .
    5. (Optional) Show the status of the switchto command by running the pacli switchto status command.
      The following text shows an example of checking the status of the switchto command on macOS:
      <username@hostname> ~ % cd /Applications/Prisma\ Access\ Agent.app/Contents/Helpers
      <username@hostname> Helpers % sudo ./pacli switchto status
      Prisma Access Agent:      Disabled
      GlobalProtect:            Enabled
      <username@hostname> Helpers % 
  2. To switch back to the Prisma Access Agent:
    1. Run the switchto command to switch agents:
      • On macOS devices, open a Terminal window and issue the following command:
        sudo /Applications/Prisma\ Access\ Agent.app/Contents/Helpers/pacli switchto PrismaAccessAgent
      • On Windows devices, open a Command Prompt window and issue the following command:
        "C:\Program Files\Palo Alto Networks\Prisma Access Agent\pacli" switchto PrismaAccessAgent
    2. (macOS) Enter the admin password when prompted.
    3. If prompted, enter Y to switch to the Prisma Access Agent.
    4. If prompted for a supervisor password, enter the anti-tamper unlock password.
      The following text shows an example of switching from the GlobalProtect app to the Prisma Access Agent on a macOS device:
      <username@hostname> ~ % cd /Applications/Prisma\ Access\ Agent.app/Contents/Helpers
      <username@hostname> Helpers % sudo ./pacli switchto PrismaAccessAgent
      Password:
      Enter supervisor password:
      Stopping the GlobalProtect service. This can take up to 60 seconds...
      Disabled GlobalProtect.
      Successfuly started Prisma Access Agent. Switch complete.
      <username@hostname> Helpers % 
      This action stops the GlobalProtect service and starts the Prisma Access Agent service. An entry is written to the Prisma Access Agent logs indicating that the Prisma Access Agent has been enabled. For example, the following events are logged:
      <username@hostname> ~ % cd /Applications/Prisma\ Access\ Agent.app/Contents/Helpers
      <username@hostname> Helpers % ./pacli event
      .
      .
      742      2024-12-11 23:21:05  Tamper Detection   Agent is enabled
      743      2024-12-11 23:21:21  Agent Tunnel       Tunnel connected
      .
      .
      After switching back to the Prisma Access Agent, if the agent is in Always On mode, the agent will be enabled and will connect to the best location. If the agent is in On-Demand mode, the agent will be enabled but disconnected.
    5. (Optional) Show the status of the switchto command by running the pacli switchto status command.
      The following text shows an example of checking the status of the switchto command on macOS:
      <username@hostname> ~ % cd /Applications/Prisma\ Access\ Agent.app/Contents/Helpers
      <username@hostname> Helpers % sudo ./pacli switchto status
      Prisma Access Agent:      Enabled
      GlobalProtect:            Disabled
      <username@hostname> Helpers %
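
To confirm which client is active after a switch and how long the Prisma Access Agent was disabled, the following added example (not part of the original page and not Palo Alto Networks code) parses the pacli switchto status and pacli event output shown above. The function names active_agent and disabled_windows are hypothetical, and the column layout is assumed to match the samples on this page.

```shell
#!/bin/sh
# Added example (not vendor code). Assumes the output layouts shown on this page.

# Read `pacli switchto status` output on stdin; print the enabled client.
# Returns non-zero unless exactly one client is Enabled and the other Disabled.
active_agent() {
  awk -F': *' '
    /^ *Prisma Access Agent:/ { pa = $2 }
    /^ *GlobalProtect:/       { gp = $2 }
    END {
      gsub(/[ \t\r]+$/, "", pa); gsub(/[ \t\r]+$/, "", gp)
      if (pa == "Enabled"  && gp == "Disabled") { print "PrismaAccessAgent"; exit 0 }
      if (pa == "Disabled" && gp == "Enabled")  { print "GlobalProtect"; exit 0 }
      print "UNKNOWN"; exit 1
    }'
}

# Read `pacli event` output on stdin; print one line per period in which the
# agent was disabled: "<disabled at>|<enabled at or OPEN>|<seconds or ->".
# Seconds are computed only when both events fall on the same date.
disabled_windows() {
  awk '
    function secs(hms,  t) { split(hms, t, ":"); return t[1]*3600 + t[2]*60 + t[3] }
    $4 == "Tamper" && $5 == "Detection" && $6 == "Agent" && $7 == "is" {
      if ($8 == "disabled") { d = $2; h = $3 }
      else if ($8 == "enabled" && d != "") {
        print d " " h "|" $2 " " $3 "|" (d == $2 ? secs($3) - secs(h) : "-")
        d = ""
      }
    }
    END { if (d != "") print d " " h "|OPEN|-" }'
}

# Constructed sample input, copied from the examples on this page.
SAMPLE_STATUS='Prisma Access Agent:      Disabled
GlobalProtect:            Enabled'
SAMPLE_EVENTS='740      2024-12-11 23:20:57  Tamper Detection   Agent is disabled
741      2024-12-11 23:20:57  Agent Tunnel       Tunnel disconnected
742      2024-12-11 23:21:05  Tamper Detection   Agent is enabled
743      2024-12-11 23:21:21  Agent Tunnel       Tunnel connected'

printf '%s\n' "$SAMPLE_STATUS" | active_agent      # GlobalProtect
printf '%s\n' "$SAMPLE_EVENTS" | disabled_windows  # 2024-12-11 23:20:57|2024-12-11 23:21:05|8
```

On a managed macOS device, pipe the real command output into these functions in place of the sample variables; an OPEN window means the agent was disabled and no matching enable event has been logged yet.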