Symantec Privileged Access Manager (PAM) client download links normally point to a public cloud location. In environments where workstations lack internet access, administrators must provide alternative deployment methods. This guide outlines how to manually transfer installers or configure an internal distribution network

By default, the PAM appliance is configured with download links that point to files hosted in an external cloud environment. If a workstation does not have direct internet access or if the organization’s security policies block access to the public cloud, these default download links will fail to resolve or retrieve the installer

Method 1: Manual Download

The public location of the PAM client installer files is https://d21oi5tjuccwe.cloudfront.net. Accessing that link directly from a host with internet access will give a list of files available for download. One way is to get the file downloaded on a node with internet access and then transfer the installer file to a location accessible from the intranet. Use an internet-connected computer to download the specific binary for your target PAM version. Replace Vx.x.x with your actual version (e.g., V4.2.3).

Updated Download URLs:

• Windows: https://d21oi5tjuccwe.cloudfront.net/ca-pam/install/win/CAPAMClientInstall_Vx.x.x.exe
• macOS: https://d21oi5tjuccwe.cloudfront.net/ca-pam/install/mac-aarch64/CAPAMClientInstall_Vx.x.x.zip
• Linux: https://d21oi5tjuccwe.cloudfront.net/ca-pam/install/linux64/CAPAMClientInstall_Vx.x.x.bin

Note: If the link fails, navigate to the base directory to view the full directory listing of available versions

Method 2: Private Content Delivery Network (CDN)

Administrators can host these files locally so users do not need internet access to download the client from the PAM login page. See Use a Private Delivery Network to Distribute the Client Installer. This will require the PAM admin to download the files from the cloud. Once this delivery network is configured, when a user accesses the PAM login page with a browser and downloads the PAM client installer, it will be retrieved from the CDN rather than the cloud.

1. Download: Collect all required binaries from the public CloudFront links above.
2. Host: Place these files on an internal web server accessible by your workstations.
3. Configure: In the PAM UI, navigate to Settings > Global Settings > Client Settings to point the download location to your internal URL

The PAM client automatically synchronizes its local components to match the specific PAM server release upon connection. This process pulls data directly from the PAM appliance and does NOT require internet access