I was looking forwad to the 'new and improved' Global Protect.
I am still very dissapointed at how it works from a UI standpoint.
When I am connected to the VPN how do I disconnect? Is there a button hiding around in this awful GUI? The only way I know of is to go to the task bar and do it from there. Can anyone please let me know of another way?
Why Am I able to resize the GUI so it's smaller than the minimal size required? It's not a deal breaker but really just signs of shoddy programming.
The user's need 1 button - Connect.
Once the VPN is connected change the button to Disconnect.
I wish you would hurry up and design it so it's something like Anyconnect:
Here's my post from last year wondering about the same problems, I was hoping that PA engineers were listening but I'm still waiting for a Global Protect application that's as equal quality to the rest of the PA platform.
While I'm still in rant mode here's a few other quirks that are frustrating.
When a user is connected to the VPN the 'Connect' button should be greyed out as they are already connected:
People often get confused as most applications have a UI that conforms to this. People will see the connect button still clickable and keep trying to connect rather than looking at the status window below.
Ways to improve this:
Another possible issue, I attempted to remove the 'Enable Advanced Mode' option in the PA's client config section and it just displays a blank panel. Anyone know what the use of this panel is for?
Edit - Anyone know how I tag/label this post with Globalprotect?
I wholeheartedly agree with this. I have brought it up with multiple people at ignite this year and previously with product managers.
The programming you refer to is a few minutes in visual studio for the UI, but can be cosmetically improved 1000 fold. I understand they were going for function, but we are in a world where the user experience matters. If the user experience is not great, they won't accept and use the product.
They made a change so that they can provide updates to GlobalProtect without having to wait for OS updates, which is great and needed for the development of the product, so hopefully they will utilize that and we see improvements via that route.
I opened a case about the Connect button that doesn't turn into a disconnect button when connected. Product management refused to acknowledge it was a shortcoming and instead said it was a design decision that it works like that. I will make a feature request to my SE to add a Disconnect button in the panel.
Question for you guys...Other than the UI / asthetics are there any detractors over AnyConnect?
My company has around 3,000 remote users at peak, but typically around 1,500. A great feature around the ASA is a function called CWS. Essentially it allows us to cloud enable web content filtering. With CWS we can allow clients to go "direct out" to the Internet w/o having to force all remote clients back to a corporate HQ get processed and then sent back out to the Internet.
Unfortunately CWS only works for HTTP(S) traffic.
With GP can we leverage PAN-DB and have users get filtered in the cloud as well?
Only way I can see you doing that is if you deploy their PAN FW VM on AWS or Azure, get URL Filtering and have your Gateway be that VM, instead of back home in HQ.
Their whole idea around GlobalProtect and I have to agree, is leveraging the features of the PAN firewall like the threat prevention suite, but you can certainly do that in a VM out in the cloud.
It is not just the UI, that is just one thing in a list of things that can be improved.
another issue is the upgrading process or lack of allowing us to do inplace upgrades so we can deploy using other deployment methods like SystemCenter. The upgrade process has left users stranded without GlobalProtect installed since the 2nd phase never completed.
Another is performance related. GP IPSEC gets to about the same speeds as SSL VPN with anyconnect, which should not be happening. If I run SSLVPN on GP, its horribly slower. Definitely would like to see it improved/optimized, I should be able to push a decent amount of traffic when you have the bandwidth on both ends of the connection.
I don't want to take away from the sole purpose of this thread, which is the cosmetic/UI.
Better release notes here:
Other features are tied to PAN OS 7.1 - https://www.paloaltonetworks.com/documentation/71/globalprotect
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!