ZTNA connectors installed at multiple sites in both PROD and DEV ZTNA tenant environments.

Per the ZTNA what's new documentation, the recommended version should 2.11.9 but we see a mix of 2.11.1 and 2.10.20 in the environments still.

Why are these not auto updated?

ZTNA Connector.

This typically means one of two things:

a) you only have a single connector and no failover connector: If this is the case, we will not upgrade the connector in the background as there is a risk of service interruption or

b) the connector was installed from the old docker hub and not the latest jfrog hub. For the auto managing of the connectors, we need to make sure the connector is deployed from the latest jfrog repository.

If you can go to ZTNA admin console, select sites and connector and then add the '/v1' string after the domain you can confirm the version and where it was installed from.

As an example, when I browse to the connectors on a specific site, the URL could report 'https://admin.ncash.luminatesec.com/sites/1234-5678-987-654-321'. If I add the '/v1' string after the domain to get 'https://admin.EXAMPLE.luminatesec.com/v1/sites/1234-5678-987-654-321', I get specific details on that connector as shown below:

{"id":"1234-5678-987-654-321","name":"ExampleConnector","region":"europe-west1","authentication_mode":"connector","settings":{"proxyEnabled":false,"proxyAddress":"","proxyUsername":"","proxyPassword":""},"connectors":["###-####-####-####-###"],"application_ids":["###-####-####-####-###"],"connector_objects":[{"id":"###-####-####-####-###","name":"Example-Connector-1","version":"2.11.9","registered":true,"otp":"","date_created":"2025-05-23T12:37:32.483Z","date_registered":"2025-05-23T12:37:54.97Z","date_otp_expire":"2025-05-24T12:37:32.483Z","send_logs":false,"enabled":true,"connector_status":"StatusReady","update_status":"UpToDate","update_status_info":"","internal_ip":"10.1.1.133","external_ip":"135.14.238.250[1]","hostname":"example-connector-host","geo_location":"United States,","deployment_type":"linux","kubernetes_persistent_volume_name":"","is_hidden":false,"proxy_enabled":false,"proxy_address":"","proxy_username":"","proxy_password":"","registration_key_id":null}],"site_status":{"ConnectorsUp":[{"Id":"###-####-####-####-###","last_seen":"2025-11-03T12:02:21.602593167Z"}],"ConnectorsDown":null,"ConnectorsNotConfigured":null,"ConnectorsDisabled":null,"Status":"online"},"mute_health_notification":false,"send_site_health_notification":"sendForSiteDown","kubernetes_persistent_volume_name":"","kerberos_configuration":{"domain":"","kdc_address":"","keytab_path":""},"is_hidden":false,"countCollections":1}

[1] could be any IP address referenced in the ZTNA addressing requirements KB article.

Make sure that you always have two connectors defined for each site.

If the connectors have not been deployed since 2024, we will need to re-deploy the connector using the jfrog repository (make sure firewall settings allow access to download connectors).

Once both of these steps are done, the updates will happen automatically.

All ZTNA admins were alerted to re-deploy connectors in 2024 when the following message was sent out: