Manage Upgrade Options for the GlobalProtect App
Control how Prisma Access manages the GlobalProtect app.
Control the active app versions on the Prisma Access portal. Manage
the active GlobalProtect version.
Prisma Access hosts the GlobalProtect app
version that macOS and Windows users in your organization can download
from the Prisma Access portal. Prisma Access offers several versions
of the GlobalProtect app, and you can choose to make one of those
versions the active version. You can also manage mobile users' access
to the GlobalProtect app, or perform staged upgrades.
Select the Active GlobalProtect App Version
Prisma Access manages the GlobalProtect app
version for Windows and macOS users in your organization. While
Prisma Access hosts several GlobalProtect app versions, only one
of the hosted versions is active. When mobile users log in to the
Prisma Access portal, the active version is the one they download and
use on their Windows and macOS devices.
The System Status
page also provides you information about your current Panorama version,
Cloud Services plugin version, and dataplane version. You can receive
notifications and alerts on this page when plugin or Panorama versions become
end of support (EoS) for use with Prisma Access. See Notifications and Alerts for Panorama, Cloud Services Plugin, and PAN-OS Dataplane Versions for details.
If
your currently-active version is end-of-life, Prisma Access notifies
you and requests that you activate a supported version.
You
can select different GlobalProtect versions in a multitenant deployment.
The GlobalProtect app version settings you apply are per tenant
and not global; you control the app version on a per-tenant basis.
You
can replace the current active version with another hosted version
from the Service Setup page by completing the following steps.
- Select.PanoramaCloud ServicesConfigurationService Setup
- SelectActivate new GlobalProtect App versionand compare it to the active GlobalProtect version.If your current GlobalProtect version is end-of-life (EoL), a message displays in this area on the Service Setup page; if you receive this message, upgrade your GlobalProtect app version by continuing to the next step.
- Select the version to which you want to upgrade.A window displays to verify your choice.After the app has been activated, you receive a success message.
- View the System Status page to verify that the GlobalProtect app version you selected as active is theActive GlobalProtect App version.
Manage Users’ Access to GlobalProtect App Updates
To manage mobile users' access to the active
GlobalProtect app version that is hosted by Prisma Access, complete
the following steps.
- In Panorama, select.NetworkGlobalProtectPortals
- Select theMobile_User_Templatefrom theTemplatedrop-down.
- SelectGlobalProtect_Portalto edit the Prisma Access portal configuration.
- Select theAgenttab and select the app configuration.
- Select theApptab.
- In theApp Configurationsarea, select a choice inAllow User to Upgrade GlobalProtect Appto specify whether mobile users can upgrade their GlobalProtect app version to the active version that is hosted on Prisma Access and, if they can, whether they can choose when to upgrade:
- Allow with Prompt(default)—Prompt users when a new version is activated and allow users to upgrade their software when it is convenient.
- Disallow—Prevent users from upgrading the app software.
- Allow Manually—Allow users to manually check for and initiate upgrades by selectingCheck Versionin the GlobalProtect app.
- Allow Transparently—Automatically upgrade the app software whenever a new version becomes available on the portal.
- Internal—Automatically upgrade the app software whenever a new version becomes available on the portal, but wait until the endpoint is connected internally to the corporate network. This prevents delays caused by upgrades over low-bandwidth connections.
Perform Staged Updates of the GlobalProtect App
If you manage a large organization, you might
want to update mobile users to the latest version of the GlobalProtect
app in stages. For example, you could assign a smaller group to
update their GlobalProtect app before rolling out the update to
everybody in your organization. To do so, complete the following
task.
- If you have not yet created it, create a user group for the first group of users to which you want to roll out the GlobalProtect app update.You can use User-ID to map users to groups, or selectto manually create a group.DeviceLocal User DatabaseUser Groups
- Create a new GlobalProtect agent configuration to use for the first group of users.
- In Panorama, select.NetworkGlobalProtectPortals
- Select theMobile_User_Templatefrom theTemplatedrop-down.
- SelectGlobalProtect_Portalto edit the Prisma Access portal configuration.
- Select theAgenttab.
- Select theDEFAULTconfiguration andCloneit.You can alsoAdda new configuration; but cloning the existing configuration copies over required information for the new configuration.
- Specify aNamefor the configuration.
- Select theConfig Selection Criteriatab.
- In theUser/User Grouparea, select the user you created in Step 1.
- Select theApptab.
- ChangeAllow User to Upgrade GlobalProtect Appto eitherAllow with PromptorAllow Transparently.Allow with Promptprompts users when a new version is activated and allows them to upgrade their software when it is convenient;Allow Transparentlyautomatically upgrades the app software whenever a new version becomes available on the portal.
- ClickOKto save your changes.
- SelectMove Upto move your configuration above the default configuration.When an app connects, the portal compares the source information in the packet against the agent configurations you have defined. As with security rule evaluation, the portal looks for a match starting from the top of the list. When it finds a match, it delivers the corresponding configuration to the app.
- Repeat these steps for theDEFAULTconfiguration, but changeAllow User to Upgrade GlobalProtect ApptoDisallowto prevent users from updating to the latest GlobalProtect app software.
- When you want to let the rest of the users update their apps, changeAllow User to Upgrade GlobalProtect Appin theDEFAULTconfiguration to a selection that allows it (eitherAllow with PromptorAllow Transparently).
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.