GlobalProtect doesn't upgrade

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GlobalProtect doesn't upgrade

L2 Linker

Our current version in clients is 5.2.7. Now I have activated 5.2.8 but clients doesn't upgrade. Our setting for upgrade is allow transparently. Client machines shows pop up that GlobalProtect agent upgrade is in progress please wait etc... but nothing happens.

 

Previous update to 5.2.7 couple of month ago went smoothly. This is first time this kind of behavior.

1 accepted solution

Accepted Solutions

L1 Bithead

Figured out the problem for my environment. The agent download was failing (found by opening GP Agent -> Settings -> Troubleshooting ->  Agent Logs)

Internal DNS records for our GP Portal were incorrect. Fixed them up so the portal was reachable from inside the network, then the upgrade immediately started working.

View solution in original post

7 REPLIES 7

L1 Bithead

I get the same issue trying to upgrade to 5.2.8. Endpoints get a message about the upgrade in progress, but nothing ever actually happens. Are there some logs we can find to tell us what's going on?

L3 Networker

I didn't get the same issue when I activated 5.2.8 from 5.2.7. However, several users failed to upgrade the GP client, so they followed the following KB. The typical uninstallation/installation GP client didn't work in this case.

Error: Failed to find PANGP virtual adapter interface when connecting to GlobalProtect
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5eCAC&lang=en_US

 

Hope this helps!

--
"The Simplicity is the ultimate sophistication." - Leonardo da Vinci.

Cyber Elite
Cyber Elite

I have macOS Catalina, and I ran into the same issue.  So, it is not the issue in the KB article for Windows.  Previous upgrades worked fine.  For 5.2.8, I would get a popup, then nothing.  I chose to download the software from the portal and manually upgrade.  That process worked fine.

Help the community: Like helpful comments and mark solutions.

L1 Bithead

Figured out the problem for my environment. The agent download was failing (found by opening GP Agent -> Settings -> Troubleshooting ->  Agent Logs)

Internal DNS records for our GP Portal were incorrect. Fixed them up so the portal was reachable from inside the network, then the upgrade immediately started working.

Did you use the internal portal IP address for DNS? We're using a loopback address and are having a similar issue and I'm wondering if it's a misconfigured DNS entry.

Cyber Elite
Cyber Elite

Hi @MikeSangray2019 ,

 

I run into a similar issue with many customers.  After you connect via GP, your endpoint no longer uses an external DNS server.  You need to create an internal DNS A record for your GP public IP address.  Then the upgrade will work fine.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

Thanks, Tom! This got it working for us.

  • 1 accepted solution
  • 10767 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!