03-09-2017 08:07 AM
I want to do some testing on new global protect clients but I don't want to make it update anyone tell I can test it, How do I get the software to test with out making it the default cleint on the firewall?
03-15-2017 06:24 AM
yeah Brian we only have one firewall and its the one everyone goes through so if I download the newer globalprotect client and activate it, it would be available to all of the users not just me. I think I have found a way on the portal to set users to disable the ability to upgrade to the version. I just have to make sure they are still able to use the client they currently have installed and see if I can create another portal and gateway for me to test with
03-15-2017 09:05 AM
jprovine,
Yes there is a way to disable their ability to upgrade.
GlobalProtect -> Portal -> Agent -> App setting for "Allow User to Upgrade GlobalProtect App" to Disallow
This will not stop them from using the portal only from being able to upgrade it. Remember this is a push when the connection is either created or updated. This is not an immediate change, you may want to set this and wait overnight for everyone to log back in and get the updated profile from the firewall.
03-15-2017 11:29 AM
the since I am in the same group for VPN I am going to have to create another portal and allow it the rights to upgrade to order to test it effectively
03-16-2017 09:03 AM
You do not need to create an additional portal but a new Agent within the existing portal. Then you can modify the settings I previously mentioned for your new group to allow download and install.
03-16-2017 09:55 AM
I can't do that because the portal in question id all of the VPN users (staff) not just my group. The only way I can restrict it to only me is to have my own portal
03-17-2017 09:09 AM
jprovine,
If you restrict it based on your user only (LDAP/AD/Local Firewal) and put that Portal Agent first you will fall into that group and only you. Everyone else will filter through to the next Portal Agent.
Brian
03-17-2017 09:42 AM
Yes I already have it set for ad/ldap groups but again its all of the staff, so it easier to create anothe portal and gateway for testing purpose and on that I have ad/ldap only set from user and no other.
03-20-2017 12:13 PM
does anyone know if the version of the global protect client changes when you upgrade the OS version
03-20-2017 12:34 PM
When you update the OS double check that your version of the GP client will still be supported, but no an OS update will not automatically update your GP client.
03-20-2017 01:27 PM
So if globalprotect version 2.2 is the downloaded and active client version is will always stay that version untill I change it
03-27-2017 10:21 AM
jprovine,
That is correct. You will need to change the version when you want to update it.
On the other topic if you create the agents:
jprovine_agent
filter on: <domain>\jprovine
domain_agent
vendor_agent
Then you will fall into the first agent group and everyone else will fall into the second agent group that has an allowed domain account. This is just like the security rules for creating priority.
My admins have both the admin and user VPN security groups associated with them. But the admins have special rights because their agent group is above the domain user agent group on the list. I have not managed to break anything by creating more specific filters in the agents if this is a concern of yours.
Brian
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
