Restrict Transparent Agent Upgrades to Internal Network Connections

As part of a GlobalProtect portal configuration, you can now control when transparent upgrades occur for a GlobalProtect client. With this configuration, if the user connects from outside the corporate network, the upgrade is postponed. Later, when the user connects from within the corporate network, the upgrade is activated. This feature allows you to hold the updates until users can take advantage of good network availability and high bandwidth from within the corporate network. The upgrades will not hinder users when they travel to environments with low bandwidth.
gp-portal-internal-upgrade.png
  1. Customize the GlobalProtect Agent .
    1. Select NetworkGlobalProtectPortals and select the portal configuration for which you want to add an agent configuration (or Add a new configuration).
    2. Select the Agent tab and select the configuration you want to modify (or Add a new configuration).
    3. Select the App tab.
      By default, the App configurations display the options with default values that you can customize for each client configuration. By default, GlobalProtect prompts the end user to upgrade.
  2. Change the default behavior so that GlobalProtect app upgrades occur automatically.
    Set Allow User to Upgrade GlobalProtect App to one of the following:
    • Allow Transparently—Upgrades occur automatically without interaction with the user. Upgrades can occur when the user is working remotely or connected from within the corporate network.
    • Internal—Upgrades occur automatically without interaction with the user, provided the user is connected from within the corporate network. This setting is recommended to prevent slow upgrades in low-bandwidth situations. When a user connects outside the corporate network, the upgrade is postponed and re-activated later when the user connects from within the corporate network. You must configure internal gateways and internal host detection to use this option.
    Upgrades for Allow Transparently and Internal occur only if the GlobalProtect software version on the portal is more recent than the GlobalProtect software version on the endpoint. For example, a GlobalProtect 3.1.3 agent connecting to a GlobalProtect 3.1.1 portal is not upgraded.
  3. Save the agent configuration settings.
    1. If you are done creating agent configurations, click OK to close the Configs dialog.
    2. If you are done configuring the portal, click OK to close the GlobalProtect Portal Configuration dialog.
    3. Commit your changes.

Related Documentation