Instead of enabling users to directly disable GlobalProtect, you can allow a user to
create a ticket in order to disable GlobalProtect. The GlobalProtect admin can then
decide whether or not to allow each specific user to disable GlobalProtect.
How It Works
After you’ve set up this feature, here’s the workflow for a ticket
request to disable GlobalProtect:
A user attempts to disable GlobalProtect in the GlobalProtect app.
GlobalProtect displays a request number to the user.
The user shares the request number with the GlobalProtect admin.
The GlobalProtect admin logs in to
Prisma Access
(Cloud Management)
and uses
the request number to generate a ticket.
The GlobalProtect admin shares the ticket number with the user. The user
enters the ticket number into the app to disable GlobalProtect.
Before you can enable the option for ticket requests to disable
GlobalProtect, you must first need to set an Agent User Override Key.
Go to
GlobalProtect Setup
GlobalProtect App
Global App Settings
and enter a four character key to set the
Agent
Override Key
.
If you're using Strata Cloud Manager, go to
Workflows
Prisma Access
Setup
GlobalProtect
GlobalProtect App
Global App Settings
.
Allow for GlobalProtect to be disabled with a ticket
Go to
GlobalProtect Setup
GlobalProtect App
App Settings
App Configuration
Disable GlobalProtect
and set the option to
Allow with
Ticket
.
If you're using Strata Cloud Manager, go to
Workflows
Prisma Access
Setup
GlobalProtect
GlobalProtect App
App Settings
App Configuration
Disable GlobalProtect
and set the option to
Allow with
Ticket
.
Generate a ticket
After setting the
Agent Override Key
and the option to
Allow with Ticket
, you’ll be able to
Generate Ticket
.
When a user attempts to disable GlobalProtect in the app, GlobalProtect will
display a request number to them. Submit that request number here to
generate a ticket for GlobalProtect to be disabled for that user.
Panorama
Set an Agent Override Key
Before you can enable the option for ticket requests to disable
GlobalProtect, you must first need to set an Agent User Override Key.
Go to
Network
GlobalProtect
Portals
and select the connection name your want to set an Override
Key for. Select
Agent
and then enter a key to set the
Agent Override Key
.
Allow for GlobalProtect to be disabled with a ticket
Go to
Network
GlobalProtect
Portals
and select the connection name your want to Allow users to
disconnect from. Select
Agent
, choose a
Config
, select
App
App Configurations
Allow user to disconnect GlobalProtect App (Always-on
mode)
, and set the option to
Allow with
Ticket
.
Generate a ticket
After setting the
Agent Override Key
and the option to
Allow with Ticket
, you’ll be able to
Generate Ticket
.
When a user attempts to disable GlobalProtect in the app, GlobalProtect will
display a request number to them. Submit that request number here to
generate a ticket for GlobalProtect to be disabled for that user.