- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-13-2017 02:07 PM
Hi,
I'm using GlobalProtect 3.0.1-10 as the VPN client on Windows 7, and this Win7 system is running inside the VirtualBox on my Ubuntu 14.04.
I have observed several times that after I connect the VPN and keep it running for several days, the system memory will be consumed by GlobalProtect completely, which can be seen from the Task Manager "Performance" tab. I also noticed, when this happened, a large number of background processes called "32bitProxy.exe" in the Task Manager "Processes" tab.
I'm not sure if I have to connect the VPN in order to reproduce this issue, but this happens every time after I connect the VPN.
Does anyone have any ideas why this happened?
I found this post: PAN-OS 6.0.3: Addressed Issues which mentions the Issue #63862 that says “A backend process was using an excessive amount of memory, causing an out of memory condition.” Could this be related with the issue I'm currently having?? But this post seems to be talking about a different product other than GlobalProtect.
Below are the screenshots of comparison between the initial state and when the memory was all comsumed.
01-13-2017 02:20 PM
Please see HERE: This is an addresssed isue in 3.0.2.
FYI, GlobalProtect is NOT meant to be ran for days, nor is any other SSL VPN client. If you are keeping something like this open constatly you should be using an IPSEC tunnel not a VPN client.
01-13-2017 02:20 PM
Please see HERE: This is an addresssed isue in 3.0.2.
FYI, GlobalProtect is NOT meant to be ran for days, nor is any other SSL VPN client. If you are keeping something like this open constatly you should be using an IPSEC tunnel not a VPN client.
01-16-2017 07:06 AM
Hi @BPry,
Thanks for your reply!
By the way, I looked at the "Details" tab on my GlobalProtect window and it said the protocol being used was "IPSec". Does this mean I'm already using the IPSec tunnel as you mentioned?
01-16-2017 11:52 AM
Sorry after reading your question again an actual site-to-site IPsec tunnel doesn't make a lot of sense for your situation. One thing to keep in mind is that GlobalProtect, and AnyConnect or WatchGuard's client for that matter, is meant to be used as an on-demand VPN client. It really isn't meant to be kept running for days. This is why all VPNs are configured with a timeout, which is something you would have had to disable to actually get this to run for 'days' as you mentioned.
01-16-2017 01:09 PM - edited 01-16-2017 01:10 PM
Hi @BPry,
Thanks again for your information! Excuse me if I ask stupid questions because I don't have much experience with the VPN-related technologies.
I get your message that the clients you mentioned are not supposed to run for ever. Therefore, now I start to re-think how I should achieve my business goal.
My situation is like below:
As you pointed out that the VPN clients are NOT designed to keep running long time, I'm thinking that:
Appreciate it very much for your time of reading this and if you could shed some light on me!
01-16-2017 01:24 PM
I would really try and get a site to site VPN setup for the client in that type of situation. You still get the security benefit of a VPN, and they can limit your access so that you only have direct access to whatever data you actually need. The customer really shouldn't have any issues with this type of setup as they can setup the routes and what not to make sure that you meet the security requirements that they deem fit.
If you explain to their network team what you are trying to accomplish they really shouldn't have any issues with this; most large businesses will have this type of work already done for exactly the type of situation that you are pointing out. Really I would setup a site-to-site tunnel before I ever disabled the time-out on any of my GlobalProtect clients; and a site to site is just really 'better suited' for what you are trying to accomplish here.
01-17-2017 04:41 AM
Thank you @BPry for your time, information and suggestions!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!