GlobalProtect backwards compatibility - and how to get the later client versions

One of our users decided to upgrade his Mac to macOS 11, which apparently requires at least v5.2.4. We still haven’t gotten around to upgrading GP yet (short-staffed, pandemic, yadda yadda…) and we’re still on the 5.0 release train.

Before I go down the rabbit-hole of trying to find a current GlobalProtect client download, would a 5.2.x client even connect to a 5.0.x gateway? And are we able to download the newer clients through the PA support portal? Historically I’ve been told to access our GP portal and download that way…

You should be able to use the new client. It all depends on your portal configuration as to whether it will automatically try to download the old version to the device and replace the new one.

The gateway doesn’t have a GP version, there is just a client installer that you can make available for download from the portal, but clients using a more recent version should be able to connect regardless.

If you manage your client upgrades from the portal though, your client device will get a prompt to download/install the version you selected on the portal part. So be sure to at least allow users to decline the upgrade/downgrade.

5.2.4 is the preferred release. It should drop this Friday. Client is not dependent on GW or PANOS version.

Your answer is yes. I am preparing to upgrade to 5.2.4 from 5.0.9. My GP version was upgraded while I was testing and then I was able to connect to my regular GP gateway/portal just fine.

You can download the client from support.paloaltonetworks.com. In the nav pane go to Updates > Software updates. Then choose GlobalProtect Agent in the drop-down menu at the top of the page.

You can use a newer version of the client than what you have activated for the portal. There is a setting in the Portal Agent config that will determine whether or not the end user will receive prompts to downgrade the client in the “App” tab: “Allow User to Upgrade GlobalProtect App”. If it is set to “Allow with Prompt” (which is default IIRC), they’ll get asked to downgrade to whatever version you have active each time they connect. If you set that to “Disallow” or “Allow Manually”, then they should not see it.

Just a heads up, macOS Big Sur bypasses VPN to send unencrypted data to Apple… – https://www.youtube.com/watch?v=aS2lJNQn3NA

Thank you for the links.

Perfect! This user has burned himself in the past with macOS updates and I thought our desktop group disabled the ability to update it. The nagging reminder every time he connects is a nice feature :wink:

Ok, that was just a video of a guy talking. Where is the actual proof? Where is the packet capture?

Uh – https://www.techradar.com/news/macos-big-sur-reveals-apple-secretly-hates-your-vpn-and-firewall

https://www.techtimes.com/articles/254232/20201117/macos-big-sur-major-flaw-apple-apps-bypass-vpns-firewalls.htm

https://www.macworld.co.uk/news/apples-own-programs-bypass-firewalls-vpns-in-big-sur-3798193/

https://thehackernews.com/2020/11/apple-lets-some-of-its-big-sur-macos.html

https://protonvpn.com/blog/big-sur-exclusion-list/

https://appleterm.com/2020/10/20/macos-big-sur-firewalls-and-vpns/

This is on like every news source right now. You go find the packet capture, I’ll trust news sources from trusted mediums.