GlobalProtect App Transparent upgrade fails for Prisma access users

GlobalProtect App Transparent upgrade fails for Prisma access users

5343
Created On 01/10/24 05:11 AM - Last Modified 09/24/24 21:06 PM


Symptom


  • Users connected to Prisma access GlobalProtect Gateway unable to perform Auto or Transparent upgrade.
  • The traffic is getting denied on the Gateway firewall. 

Environment

Cause


Security Policy blocking access to the required URL pan-gp-client.s3.amazonaws.com.
 

Resolution


  1. On Prisma Access GlobalProtect, the setup file during upgrade is download from "pan-gp-client.s3.amazonaws.com
  2. Allow the aws url "pan-gp-client.s3.amazonaws.com" via custom url category to allow in Mobile user container rules. 
  3. Customers can allow very specific file format using File blocking profile and to allow only download for ".pkg and .msi " file format. 

Additional Information


Incase of on-prem GlobalProtect the setup file/application package file is downloaded from portal firewall. 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008WWxCAM&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language