Focus

Prisma Access

Stagger GlobalProtect App Updates

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

Allow Users to Upgrade the GlobalProtect App

Integrate Prisma Access with On-Premises GlobalProtect Gateways

Stagger GlobalProtect App Updates

Where Can I Use This?	What Do I Need?
`Prisma Access (Managed by Panorama)`	`Prisma Access` license

If you manage a large organization, you might want to update mobile users to the latest version of the GlobalProtect app in stages. For example, you could assign a smaller group to update their GlobalProtect app before rolling out the update to everybody in your organization. To do so, complete the following task.

If you have not yet created it, create a user group for the first group of users to which you want to roll out the GlobalProtect app update.

You can use User-ID to map users to groups, or select

Device

Local User Database

User Groups

to manually create a group.

Create a new GlobalProtect agent configuration to use for the first group of users.

In Panorama, select

Network

GlobalProtect

Portals

Select the

Mobile_User_Template

from the

Template

drop-down.

Select

GlobalProtect_Portal

to edit the Prisma Access portal configuration.

Select the

Agent

tab.

Select the

DEFAULT

configuration and

Clone

it.

You can also

Add

a new configuration; but cloning the existing configuration copies over required information for the new configuration.

Specify a

Name

for the configuration.

Select the

Config Selection Criteria

tab.

In the

User/User Group

area, select the user you created in Step 1.

Select the

App

tab.

Change

Allow User to Upgrade GlobalProtect App

to either

Allow with Prompt

Allow Transparently

Allow with Prompt

prompts users when a new version is activated and allows them to upgrade their software when it is convenient;

Allow Transparently

automatically upgrades the app software whenever a new version becomes available on the portal.

Click

to save your changes.

Select

Move Up

to move your configuration above the default configuration.

When an app connects, the portal compares the source information in the packet against the agent configurations you have defined. As with security rule evaluation, the portal looks for a match starting from the top of the list. When it finds a match, it delivers the corresponding configuration to the app.

Repeat these steps for the

DEFAULT

configuration, but change

Allow User to Upgrade GlobalProtect App

Disallow

to prevent users from updating to the latest GlobalProtect app software.

When you want to let the rest of the users update their apps, change

Allow User to Upgrade GlobalProtect App

in the

DEFAULT

configuration to a selection that allows it (either

Allow with Prompt

Allow Transparently

Allow Users to Upgrade the GlobalProtect App

Integrate Prisma Access with On-Premises GlobalProtect Gateways

Prisma Access Docs

Stagger GlobalProtect App Updates

Prisma Access Docs

Stagger GlobalProtect App Updates

Recommended For You

Activation & Onboarding

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner