New Global Protect 3.0 is not good enough

Reply
Palo Alto Networks Guru

Re: New Global Protect 3.0 is not good enough

PS: The intent of this response is not to engage in a conversation of whether the app UI can be improved or not , nor the product roadmap will be discussed in this forum. For product roadmap discussion please engage with your account team to schedule one.

 

To have constructive discussion curious to understand the issues discussed in this thread.  In an Always On mode user does not interact with the application to connect or disconnect because it happens automatically for the user. The issues raised here for on-demand mode i.e. a pure remote access use case.

Lets go through the user workflow , user want to connect to VPN ,  user locates the GlobalProtect icon from system try and right clicks , the menu options appear with list of options , since the primary action of the user is to connect , the user chooses the connect option , the app will prompt the user to enter credentials and the user gets connected. Now the user does the work that needs to be done. Now the user wants to disconnect from the VPN , the user locates the GlobalProtect icon from system try and right clicks , the menu options appear with list of options , since the primary action of the user is to disconnect , the user chooses the disconnect option and VPN is disonnected.  No reason for the user to open up the app to the home screen in the primary workflow.

 

Now lets gp through the workflow when the user do open the app to the home screen.

 

user want to connect to VPN ,  user locates the GlobalProtect icon from system try and right clicks , the menu options appear with list of options , the primary action of the user is to connect , the user instead of choosing the connect option  (1 click to connect), say the user chooses to open the app , the app opens to the home screen , the user enter credentials and the user gets connected, user closes the GlobalProtect app , the user does the work that needs to be done, Now the user wants to disconnect from the VPN , the user locates the GlobalProtect icon from system try and right clicks , the menu options appear with list of options , since the primary action of the user is to disconnect , the user chooses the disconnect option and VPN is disonnected. No reason for the user to open up the app to the home screen in this workflow either.

 

Will the user try to disonnect from the home panel only during lab/poc/testing , as oppose to day to day regualr user ?

 

 

 

 

 

L3 Networker

Re: New Global Protect 3.0 is not good enough

Excellent points and I agree the UI comes into play more with an on-demand scenario.

 

In an Always On mode, the user interface comes into play during troubleshooting (or they simply want to see the status), when the user wants to have some control over it, or to like speed it up.

 

In an always on setup, I agree that they should not have to open the client much, but the gateway authentication process prompts them for their username and password on first connection (if not already placed into the client UI), but other times SSO works as it should. They also go into the client UI to update such password every time their password changes (depending on policy and requirements of various businesses). Other VPN Clients do not ask for username/password, is SSO and seamless. Ultimately this would be the most ideal as credentials are not stored.

 

It sounds like you are gearing towards having the main processes accessible via the GP submenu from the taskbar (to avoid opening up the main UI). This is fine and most folks can do that as well. Disable is there for those that need to "disconnect" from Always on for whatever reason. All it takes is double clicking the GP icon and the UI home is open or misclicking on Show panel, and the UI is shown.

 

Why are you limiting the "Status" button of the 3.x client? Having it be whatever size, as previously mentioned by others, does not make sense for some of these screens such as the "status page". It is a lot of deadspace. I rather instruct my users to go to show panel (or simply doubleclick the GP icon) because it gives them access to more data that they need, such as how they are connected, IP addresses. etc or troubleshooting. I get that you are keeping it resizable/large for essentially the details and troubleshooting tabs.

 

Menu

gp-menu.JPG

Status

gp-connected.JPG

Show Panel (shows status as well)

gp-panel.JPG

 

In the end, the user is going to open the panel at some point or two and perception is key. Especially to acceptance of the product.

pmc
L2 Linker

Re: New Global Protect 3.0 is not good enough

Jmenon,

 

Yes I'm strictly talking about the on-demand VPN. We have a 2-factor on-demand setup and don't allow the always on VPN in our network. 

 

From your post:

 

Lets go through the user workflow , user want to connect to VPN ,  user locates the GlobalProtect icon from system try and right clicks

 

I have a problem with this very first step. When I ask an end user on a Windows computer to open an application they do the following:

  1. Search for a shortcut on the desktop
  2. Search the task bar
  3. Search the start menu
  4. Perform a search

It doesn't always happen in this order but none (of my users at least) ever go to the system tray to open an application. Our end users also have many icons in their system tray that they don't know or care about. It's frustrating to try an explain to them to 'find the circle Earth shaped icon and right click.' The system tray icons are now hidden by default in the later versions of Windows so it's bad enough trying to get them to 'click on the arrow in the taskbar to expand the system tray.' 

 

It's just not how the layperson works. 

 

Do you see how frustrating this is when other (Anyconnect) VPN solutions are much cleaner and simpler?

 

Also, yes, our users will try to open the application to disconnect in day to day regular use.

 

 


@jmenon wrote:

PS: The intent of this response is not to engage in a conversation of whether the app UI can be improved or not , nor the product roadmap will be discussed in this forum. For product roadmap discussion please engage with your account team to schedule one.

 

To have constructive discussion curious to understand the issues discussed in this thread.  In an Always On mode user does not interact with the application to connect or disconnect because it happens automatically for the user. The issues raised here for on-demand mode i.e. a pure remote access use case.

Lets go through the user workflow , user want to connect to VPN ,  user locates the GlobalProtect icon from system try and right clicks , the menu options appear with list of options , since the primary action of the user is to connect , the user chooses the connect option , the app will prompt the user to enter credentials and the user gets connected. Now the user does the work that needs to be done. Now the user wants to disconnect from the VPN , the user locates the GlobalProtect icon from system try and right clicks , the menu options appear with list of options , since the primary action of the user is to disconnect , the user chooses the disconnect option and VPN is disonnected.  No reason for the user to open up the app to the home screen in the primary workflow.

 

Now lets gp through the workflow when the user do open the app to the home screen.

 

user want to connect to VPN ,  user locates the GlobalProtect icon from system try and right clicks , the menu options appear with list of options , the primary action of the user is to connect , the user instead of choosing the connect option  (1 click to connect), say the user chooses to open the app , the app opens to the home screen , the user enter credentials and the user gets connected, user closes the GlobalProtect app , the user does the work that needs to be done, Now the user wants to disconnect from the VPN , the user locates the GlobalProtect icon from system try and right clicks , the menu options appear with list of options , since the primary action of the user is to disconnect , the user chooses the disconnect option and VPN is disonnected. No reason for the user to open up the app to the home screen in this workflow either.

 

Will the user try to disonnect from the home panel only during lab/poc/testing , as oppose to day to day regualr user ?

 

 

 

 

 


 

 

 

 

 

 

 

 

 

L3 Networker

Re: New Global Protect 3.0 is not good enough

Good points. 

pmc
L2 Linker

Re: New Global Protect 3.0 is not good enough


@rbista wrote:

You didn't make any points. 


 

Are you replying to me? I'm not sure. I think I've been pretty clear but let me know if there's any points I can be clearer on.

L1 Bithead

Re: New Global Protect 3.0 is not good enough

I completely agree, the Global Protect UI is buggy and unintuitive.  We use Global Protect in on-demand mode so the lack of a clear way to disconnect is very frustrating.

 

Since migratating from Cisco ASA to PAN we've received numerous complaints from users regarding Global Protect.  Cisco AnyConnect is way more functional and intuitive to use than Global Protect.

 

The poorly designed VPN client has been the biggest pitfall of our migration to Palo Alto Networks.  If they would fix this they could improve the customer experiencly greatly.

L1 Bithead

Re: New Global Protect 3.0 is not good enough

Piling on here. I completely agree with everything in this post.  We've made similiar complaints to our reps at PA and have met with silence.

 

I made a post here about the lack of profiles in the GP client: https://live.paloaltonetworks.com/t5/General-Topics/Global-Protect-s-lack-of-connection-profiles-is-...

I don't know if it will make any difference at all, but if you agree please go in there and click the "me too" button or whatever. Nothing is going to change unless we make some noise about these issues. 

pmc
L2 Linker

Re: New Global Protect 3.0 is not good enough

I was just going through some other Global Protect threads and here's someone complaining about the UI in 2014.

 

 



Re: Global Protect client issue - really annoying

[ New ]

@jmenon - Hi! You've come out to our headquarters before and we've expressed these views to you... honestly I don't need you guys to come out and talk to us, I just need the product to perform and be intuitive for users.

 

Go copy the CheckPoint Endpoint Connect R73 client if you have to... that VPN client seems to be pretty intuitive for our users and has served us well.


Link: https://live.paloaltonetworks.com/t5/General-Topics/Global-Protect-client-issue-really-annoying/td-p...

L3 Networker

Re: New Global Protect 3.0 is not good enough

good find, looks like they missed their own statements "intuitive for users"

 

a fresh clean interface that is very simplistic to use would go a long way.

Highlighted
L3 Networker

Re: New Global Protect 3.0 is not good enough

Thank you for bringing this up. I've told multiple SE's about this and got crickets back. GP Ui is abismal and embarrasing. So glad others out there feel the same way. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!