Is it possible to prevent ZTNA connector being updated by the service?


Article ID: 417757


Updated On:

Products

Symantec ZTNA

Issue/Introduction

A ZTNA admin has created multiple sites, each with multiple connectors for redundancy.

Whenever a new connector version is available, the ZTNA Whatsnew guide describes the changes, and any newly installed connectors use that new version.

Existing ZTNA connectors are automatically updated after a period of time. These updates are preceded by maintenance alerts on the ZTNA status page for each region.

Is it possible to avoid the connectors being upgraded automatically, so that the ZTNA admin can do it in their own time?

Environment

ZTNA connectors.

Cause

The ZTNA service tries to manage the environment for the customer, and keeping the connectors regularly updated is part of that service.

Resolution

Create ZTNA sites using Site Authentication Mode (available Aug '25+). With this new feature, the ZTNA admin can create sites using third-party container orchestrations. This requires the Site authentication method and the use of a command template to deploy connectors.

With the site authentication method, all connectors are provisioned by command using the same registration key, which has no expiration. By contrast, the connector method requires provisioning in the console using a One-Time Password (OTP), which remains active for 24 hours. For sites that use the site authentication method, Symantec will not perform any auto-updates of the connector, and the responsibility for updating lies with the ZTNA admin.

For more information, see Create a ZTNA Admin Site.