Issue: Agents are not upgrading automatically, even if portal client config is set to auto update users in transparent mode.
Transparent mode is enabled with the following steps:
1. Navigate to Network > GlobalProtect > Portals > [portal-name] > Agent > App > Allow User to Upgrade GlobalProtect App 2. Select Allow Transparently
Client Upgrade Modes:
Allow with Prompt (default): Prompt users when a new version is activated on the firewall and allow users to upgrade their software when it is convenient.
Disallow: Prevent users from upgrading the app software.
Allow Manually: Allow users to manually check for and initiate upgrades by selecting Check Version in the GlobalProtect app.
Allow Transparently: Automatically upgrade the app software whenever a new version becomes available on the portal.
Internal: Automatically upgrade the app software whenever a new version becomes available on the portal, but wait until the endpoint is connected internally to the corporate network. This prevents delays caused by upgrades over low-bandwidth connections.
Ensure that the user is not expecting the upgrade process to happen before the GlobalProtect client is connected to their network. This upgrade will not take place until after the connection to its network has been made to avoid loss of productivity for the end user. After the connection has been established, it will then begin the task of downloading the upgrade automatically and transparently in the background.
After the installation of the new version, the connection may drop and reconnect to establish the connection with the new client version. Also, verify if users are experiencing high traffic in their network. If there is a high traffic situation, some clients could fail to download the package. GlobalProtect will delay the task by a randomly determined interval (1 to 30 minutes). There is no guarantee that every download will succeed the first time, but it will succeed eventually.
The automatic update also depends on what previous version was installed. If it is an older version, some existing information may have not been carried forward.
Note: The transparent upgrade will only work if the GlobalProtect user is running a lower GlobalProtect version than what has been activated on the firewall