Globalprotect client

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Globalprotect client

L4 Transporter

I want to do some testing on new global protect clients but I don't want to make it update anyone tell I can test it, How do I get the software to test with out making it the default cleint on the firewall?

25 REPLIES 25

yeah Brian we only have one firewall and its the one everyone goes through so if I download the newer globalprotect client and activate it,  it would be available to all of the users not just me.  I think I have found a way on the portal to set users to disable the ability to upgrade to the version. I just have to make sure they are still able to use the client they currently have installed and see if I can create another portal and gateway for me to test with

jprovine,

 

Yes there is a way to disable their ability to upgrade. 

GlobalProtect -> Portal -> Agent -> App setting for "Allow User to Upgrade GlobalProtect App" to Disallow

This will not stop them from using the portal only from being able to upgrade it.  Remember this is a push when the connection is either created or updated.  This is not an immediate change, you may want to set this and wait overnight for everyone to log back in and get the updated profile from the firewall.

the since I am in the same group for VPN I am going to have to create another portal and allow it the rights to upgrade to order to test it effectively

You do not need to create an additional portal but a new Agent within the existing portal.  Then you can modify the settings I previously mentioned for your new group to allow download and install.

I can't do that because the portal in question id all of the VPN users (staff) not just my group. The only way I can restrict it to only me is to have my own portal

jprovine,

 

If you restrict it based on your user only (LDAP/AD/Local Firewal) and put that Portal Agent first you will fall into that group and only you.  Everyone else will filter through to the next Portal Agent.

 

Brian

Yes I already have it set for ad/ldap groups but again its all of the staff, so it easier to create anothe portal and gateway for testing purpose and on that I have ad/ldap only set from user and no other.

does anyone know if the version of the global protect client changes when you upgrade the OS version

When you update the OS double check that your version of the GP client will still be supported, but no an OS update will not automatically update your GP client. 

So if globalprotect version 2.2 is the downloaded and active client version is will always stay that version untill I change it

jprovine,

 

That is correct.  You will need to change the version when you want to update it.

 

On the other topic if you create the agents:

jprovine_agent

    filter on: <domain>\jprovine

domain_agent

vendor_agent

Then you will fall into the first agent group and everyone else will fall into the second agent group that has an allowed domain account.  This is just like the security rules for creating priority.

My admins have both the admin and user VPN security groups associated with them.  But the admins have special rights because their agent group is above the domain user agent group on the list.  I have not managed to break anything by creating more specific filters in the agents if this is a concern of yours.

 

Brian

  • 6119 Views
  • 25 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!