- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
02-03-2025 01:03 AM
Hello everyone,
I would like to know how the GP agent behaves when connecting to the portal.
*I am using Prisma Access.
I understand that if the GP agent can connect to the portal, it will retrieve the portal config every time it connects to the portal, even if there is a portal config (GlobalProtect Agent Configuration) cache.
The following are my questions.
1. On a Windows device, even if the GP agent has a portal config cache, when will it go to the portal to retrieve the portal config?
- When the device starts up (in the case of pre-logon)
- When the device logs in (including when recovering from sleep)
- When "Refresh connection" is clicked in the GP App
(GP App > hamburger button > Refresh connection)
2. Even if the GP agent cannot connect to the portal, will it continue to retry connecting to the portal if there is a portal config cache?
3. If the answer to question 2 above is Yes, will it continue to retry connecting to the portal even if the GP agent has a VPN connection?
*If users are temporarily unable to connect to the portal, but they have Internet connection and can connect to the gateway using cache, they can connect to the VPN and use the agent proxy, but I would like to know whether they will retry connecting to the portal even in that situation.
4. If the answer to question 2 above is Yes, is the interval at which the GP agent retries connecting to the portal the interval set in "App Settings > GlobalProtect App Config Refresh Interval"?
https://docs.paloaltonetworks.com/prisma-access/administration/prisma-access-mobile-users/mobile-use...
5. If the answer to question 4 above is Yes, if users are unable to connect to the portal but can connect to the gateway using the cache, is the only impact that the change is not reflected in the operation of the device when administrator change any settings in the GlobalProtect App on the Prisma Access side? (Are there any other possible effects?)
Example: If administrator set "GlobalProtect App Config Refresh Interval" to the maximum value of 168 hours, I think the portal config on the GP agent side will not be updated during that period.
02-08-2025 06:15 PM
@Y.Tsushima wrote:
Hello everyone,
I would like to know how the GP agent behaves when connecting to the portal.
*I am using Prisma Access.I understand that if the GP agent can connect to the portal, it will retrieve the portal config every time it connects to the portal, even if there is a portal config (GlobalProtect Agent Configuration) cache.
The following are my questions.
1. On a Windows device, even if the GP agent has a portal config cache, when will it go to the portal to retrieve the portal config?
- When the device starts up (in the case of pre-logon)
- When the device logs in (including when recovering from sleep)
- When "Refresh connection" is clicked in the GP App
(GP App > hamburger button > Refresh connection)
2. Even if the GP agent cannot connect to the portal, will it continue to retry connecting to the portal if there is a portal config cache?
3. If the answer to question 2 above is Yes, will it continue to retry connecting to the portal even if the GP agent has a VPN connection?
*If users are temporarily unable to connect to the portal, but they have Internet connection and can connect to the gateway using cache, they can connect to the VPN and use the agent proxy, but I would like to know whether they will retry connecting to the portal even in that situation.
4. If the answer to question 2 above is Yes, is the interval at which the GP agent retries connecting to the portal the interval set in "App Settings > GlobalProtect App Config Refresh Interval"?
https://docs.paloaltonetworks.com/prisma-access/administration/prisma-access-mobile-users/mobile-use...
5. If the answer to question 4 above is Yes, if users are unable to connect to the portal but can connect to the gateway using the cache, is the only impact that the change is not reflected in the operation of the device when administrator change any settings in the GlobalProtect App on the Prisma Access side? (Are there any other possible effects?)
Example: If administrator set "GlobalProtect App Config Refresh Interval" to the maximum value of 168 hours, I think the portal config on the GP agent side will not be updated during that period.
Hello @Y.Tsushima , let me give your questions a shot; see my responses embedded into your questions;
When will the GP agent go to the portal to retrieve the portal config on a Windows device, even if it has a portal config cache?
When the device starts up (in the case of pre-logon): The GP agent will check the portal config upon device startup in a pre-logon state to ensure it has the latest configuration and policies before user login.
When the device logs in (including when recovering from sleep): Upon user login or when the device wakes from sleep, the GP agent will again contact the portal to fetch the latest configuration.
When "Refresh connection" is clicked in the GP App (GP App > hamburger button > Refresh connection): Manually refreshing the connection forces the GP agent to contact the portal and retrieve any updated configurations.
Will the GP agent continue to retry connecting to the portal if there is a portal config cache?
Yes: The GP agent will continuously attempt to connect to the portal to ensure it has the most up-to-date configuration. Even if a cached configuration is available, it will not stop retrying the portal connection.
Will the GP agent continue to retry connecting to the portal even if it has a VPN connection?
Yes: The GP agent will keep trying to establish a connection to the portal regardless of an active VPN connection. This is to ensure that any changes made on the portal are received and applied as soon as possible.
Is the interval at which the GP agent retries connecting to the portal the interval set in "App Settings > GlobalProtect App Config Refresh Interval"?
Yes: The retry interval for the GP agent to connect to the portal is determined by the setting in "App Settings > GlobalProtect App Config Refresh Interval." This interval specifies how often the GP agent should attempt to refresh its configuration from the portal.
If users are unable to connect to the portal but can connect to the gateway using the cache, is the only impact that the change is not reflected in the operation of the device when an administrator changes any settings in the GlobalProtect App on the Prisma Access side?
Yes: If users cannot connect to the portal but can still connect to the gateway using the cached configuration, the primary impact is that any changes made by the administrator in the GlobalProtect App settings on the Prisma Access side will not be reflected until the portal config is updated. For example, if the "GlobalProtect App Config Refresh Interval" is set to the maximum value of 168 hours, the GP agent’s portal config will not be updated during that period, and any configuration changes made by the administrator will not take effect until the next successful portal connection.
I hope you find my response helpful.
Thank you,
Vickynet
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!