Another possibility I touched upon in introduction section is to push out GlobalProtect upgrade via Palo Alto Firewall. In this post I talked about two methods – 1) Standalone application package that relies on Global Condition to check VPN connection status 2) Custom Task Sequence using GlobalProtect application package with recurring deployment. GlobalProtect Agent Upgrade Process can be “ Allow with Prompt ” (end-user will be prompted for upgrade upon VPN connection) or “ Transparent ” (upgrade will happen without user interaction). I would also like to mention here that GlobalProtect Agent can also be upgraded via Palo Alto Firewall.
This post in written with assumption that Cloud Management Gateway or Internet based client Management is enabled for the devices to get policies and required content when they are not connected to VPN. With some adjustments according to behavior of your VPN software and organizations need, method described here might be useful to other VPN software as well. The trick here would be to ensure GlobalProtect VPN client is updated only when no active VPN connection is found. In this article I am going to demonstrate how to update VPN client GlobalProtect by Palo Alto Networks using SCCM without disconnecting any ongoing VPN connection. However, when it comes to updating VPN client, major challenge is to ensure any active VPN connection is not disconnected during update process as this may potentially cause disruption to other applications/tasks dependent on VPN connection and may subsequently lead to user data loss. Being an EUC administrator you often come across requests to update applications in your environment for various reasons like, vulnerabilities associated with current version, newer version has some bug fixes and more reliable etc.Įvery application has its own updating methods and challenges associated with it.
0 kommentar(er)
