Global protect app transparent update issue


Hi Team,


I have an issue where a customer is not able to update the GlobalProtect app using the transparent option. I'm explaining the issue in detail to avoid confusion.


The user machine has client version 2.3.1 installed. At the time of deployment, the portal app setting for upgrades was configured as "allow user to upgrade with prompt".


Now the GlobalProtect client was upgraded to version 5.0.2 on the firewall. When the user then tried to connect to the GlobalProtect portal from the agent, he was prompted to upgrade to the latest agent version, but instead of yes, the user selected no. After this, the user is still connecting to the portal/gateway using the old version 2.3.1.


Now I don't have any option to block connections from the older GP version. Even with HIP logs I can only block traffic, not the GP agent connection.


I have changed the app setting option from "allow user to upgrade with prompt" to transparently, but the agent is not getting upgraded transparently, because when it connected after the GP client version 5.0.2 upgrade I said "no". Now I changed it to transparent but the upgrade is not happening.


Please suggest how I can block the older GP version or upgrade it transparently in this scenario.


@reaper Your comments would have helped me a lot to resolve many issues. It will be very useful if you suggest your option.







Cyber Elite

I have cancelled many times when I have connected to GP Portals.

Each time I attempt a re-connect to the same GP portal, I get the request to upgrade (or downgrade, depending).


My recommendation is to activate a different version (5.0.1) and see if the popup window can be seen again.




Hi Steve


I believe then you didn’t get my issue clearly.


Assume you have version 5.0.1 and now you want to upgrade to 5.0.3. In the portal, set the option agent -> app -> allow upgrade with prompt. Now connect; it will ask for the upgrade; select option no.


Now get back to the portal and change the option agent -> app -> upgrades transparently. Commit the configuration.


Go to the client machine and try to connect now, and see if you are seeing the option to upgrade and whether the silent upgrade is happening. It will not happen; this is the issue.






Apologies if my words meant anything wrong.


I have replicated this issue in versions 2.3.1 and 4.1.10 but I don’t see a resolution.


Your understanding is correct. In the portal agent app settings there is the option upgrade with prompt. When this option is selected the user can see the prompt for upgrade, but suppose he selected option No; then he will be connected with the same old version.


Later when the user connects he is not prompted for upgrade, and even if I change the upgrade option to transparent, no luck.


Thanks for the insight into this issue.



Hi All,


Here I have more analysis. After it has prompted for upgrade and the user selects No, it is not upgrading in forthcoming attempts. Also no luck even if we change the option to transparent upgrade.


But when I refresh the connection, it tries to establish a connection with the portal again and fetches the settings, which override the cache on the client machine. After this attempt the transparent upgrade happens smoothly.


I'm seeing the refresh connection option after 4.1. 2.3.1 has the option rediscover network, but I am not able to use it as it is hidden.




Hi All,


Just a solution or workaround, whatever you call it, to fix this issue: keep the allow user to upgrade option in the app settings set to "allow transparently" and commit the configuration.


So the next time the user reboots his client machine and connects to the portal, the upgrade will happen automatically at the backend.




I believe I am experiencing a similar issue. We had previously set the client upgrade option to 'disallow'. Now we need to upgrade the client so I've changed the Client->App settings in the Portal to 'Allow Transparently'. It appears clients first connecting to the portal with an old version of the client (i.e. 4.1.13) do get upgraded to the new client (5.0.5), but any clients that have connected to the portal previously while the upgrade option was set to 'Disallow' are not seeing the changed 'Allow Transparently' setting and are not installing the new activated client version (5.0.5).

This doesn't seem right. I have 200+ clients so I would prefer not to manually invoke a 'Refresh connection' on every client with the workaround proposed here.


Going to reach out to support about this too, but I thought I'd add to this discussion.

Will update if I find anything
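
An added example, not part of the thread: with 200+ clients, one way to see which endpoints are still connecting on an old client after the portal setting is changed is to compare each host's most recent client version against the activated one. The CSV export and its column names are constructed for this example and are not a PAN-OS log schema.

```python
import csv
import io

# Constructed sample export: one row per successful portal/gateway connection.
# Column names are assumptions for this example, not a PAN-OS log schema.
SAMPLE_EXPORT = """\
time,hostname,user,client_version
2019-08-01T08:02:11,LT-0101,alice,2.3.1
2019-08-01T08:05:40,LT-0102,bob,4.1.13
2019-08-02T09:10:03,LT-0101,alice,2.3.1
2019-08-02T09:30:55,LT-0102,bob,5.0.5
2019-08-02T10:01:17,LT-0103,carol,4.1.10
2019-08-03T07:45:00,LT-0104,dave,5.0.5
"""


def parse_version(text):
    """'4.1.10' -> (4, 1, 10). Compared numerically, so 4.1.10 > 4.1.9.
    A trailing build suffix such as '5.0.5-28' is ignored."""
    base = text.strip().split("-")[0]
    return tuple(int(part) for part in base.split("."))


def stale_clients(export_text, activated_version):
    """Return {hostname: (version, last_seen, user)} for every host whose
    most recent connection used a client older than activated_version."""
    target = parse_version(activated_version)
    latest = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        prev = latest.get(row["hostname"])
        # ISO 8601 timestamps sort correctly as plain strings.
        if prev is None or row["time"] >= prev["time"]:
            latest[row["hostname"]] = row
    return {
        host: (row["client_version"], row["time"], row["user"])
        for host, row in sorted(latest.items())
        if parse_version(row["client_version"]) < target
    }


if __name__ == "__main__":
    for host, (ver, seen, user) in stale_clients(SAMPLE_EXPORT, "5.0.5").items():
        print(f"{host}\t{user}\t{ver}\tlast seen {seen}")
```

Only the latest record per host is judged, so a machine that upgraded after an earlier old-version connection (LT-0102 in the sample) is not reported.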




Thanks for your comments. Any update from support regarding the case you have opened?


Also, it will automatically upgrade when you connect to the portal after a laptop reboot.




Actually we found out that the Transparent Upgrade was kicking off but we didn't have DNS configured to resolve to the portal address so it was unable to download the new client from the portal after it connected and switched over to using our internal DNS servers. I added DNS records for the portal on our internal DNS servers and the upgrades started happening.


Hope that helps!

