What is the behavior of Defenders when the Console is unreachable during upgrades?
What is the behavior of Defenders when the Console is unreachable during upgrades?
Defenders continue to alert and enforce using the policies and settings most recently cached before upgrading the Console. This ensures that security measures remain in operation, even if communication with the Console is temporarily disrupted during the upgrade process. Defenders use the last known good configuration to maintain enforcement of security policies.
D. Although older Defenders can interoperate with newer Consoles, their operation is restricted. Older Defenders fully protect your nodes using the policies and settings most recently cached before upgrading Console. They can emit audits to Console and local logs, including syslog. However, they cannot access any API endpoint other than the upgrade endpoint, and they cannot share any new data with Console. No new policies or settings can be pushed from Console to older Defenders. When Defender is in this state, its status is shown as 'Upgrade needed' in Manage > Defenders > Manage. To restore older Defenders to a fully operation state, upgrade them so that their versions match Console’s version.
In the event of a communications failure with Console, Defender continues running and enforcing the active policy that was last pushed by the management point. Events that would be pushed back to Console are cached locally until it is once again reachable. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/technology_overviews/defender_architecture
D When version mismatches, Older Defenders fully protect your nodes using the policies and settings most recently cached before upgrading Console. (https://docs.paloaltonetworks.com/prisma/prisma-cloud/20-09/prisma-cloud-compute-edition-admin/upgrade/upgrade_process )