The certificates and the chain used for GlobalProtect App Log Collection and ADEM are expiring as of June 3, 2022. Please be sure to update the certificates for GlobalProtect App Log Collection and ADEM after April 20, 2022 and before June 3, 2022, when the certificate expires. Read the steps below to renew the certificate used for GlobalProtect App Log Collection and ADEM now. Steps to renew the certificate used for GlobalProtect App Log Collection and ADEM:
If you are using Panorama to manage Prisma Access and/or NGFW performing the following steps:
Click on Panorama -> Cloud Services -> Configuration
Under “GlobalProtect App Log Collection and Autonomous DEM” section Click on “Renew Certificate for GlobalProtect App Log Collection and Autonomous DEM” to renew the certificate
Once the new certificate is generated, administrator has to push the new certificate under Portal -> Agent -> Configs -> Client Certificate
Once the new certificate is generated, it overwrites the old certificate and the certificate name remains the same i.e. globalprotect_app_log_cert .
The new certificate will be pushed to the GlobalProtect app upon portal configuration refresh either manually by the end user or at default portal configuration refresh interval, which is 24 hours by default unless changed by the admin.
First time ADEM endpoint deployments will be able to successfully register to ADEM service only if they upgrade to the new version of GP 5.2.11 . Existing ADEM endpoints already connected to ADEM Cloud Service will be auto-upgraded with latest ADEM endpoint version and need not migrate to GlobalProtect 5.2.11
If you are using Cloud Managed Prisma Access performing the following steps:
Navigate to Configuration -> Objects -> Certificate Management -> Shared -> GP_Log_Certificate
Administrators have to manually update the certificate by performing the below steps:
Once the new certificate is generated, administrator has to push the new changes by clicking on Push Config -> Push -> Mobile Users - GlobalProtect and select “Push”
The new certificate will be pushed to the GlobalProtect app upon portal configuration refresh either manually by the end user or at default portal configuration refresh interval, which is 24 hours by default unless changed by the admin.
First time ADEM endpoint deployments will be able to successfully register to ADEM service only if they upgrade to the new version of GP 5.2.11 . Existing ADEM endpoints already connected to ADEM Cloud Service will be auto-upgraded with latest ADEM endpoint version and need not migrate to GlobalProtect 5.2.11
Note: Customers are advised to renew the certificate only after April 20 2022 and before June 3 2022 when the certificate expires. If certificate renewal is performed before April 20 2022 then you will still get the old certificate which is due to expire on June 3 2022.
... View more