Global Protect sensor turns off NIC card when moving networks

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global Protect sensor turns off NIC card when moving networks

L2 Linker

We recently upgraded to Global Protect 6.2.4  with a test group of users, (Windows 10 machines) and users who try to change networks, either going from Wi-Fi to another Wi-Fi network or hotspot or Ethernet to Wi-Fi/vice versa, all of a sudden have their Network Adapter card shut off. This actually also happened with version 6.1.5 which we tried first. If you remove the client, this does not happen to the machines. The only recourse is rebooting. Since we have bldgs with multi floors and users are not going to shut down and reboot while moving between floors, it is a real problem. 

14 REPLIES 14

Cyber Elite
Cyber Elite

Im actually able to replicate this as well, still currently looking into it in my environment. However, the issue appears to be that its trying to switch between IPv4 and IPv6. Running a packet capture on my machine and pinging 8.8.8.8 I can see that traffic consistently, but then when I switch to a different wifi as you stated I then start consistently doing IPv6. I disabled IPv6 on my wireless network adapter and things started working immediately. I can replicate the issue on 6.2.3 as well but not 6.2.2.

L1 Bithead

We also are running into this issue. We have a case open with Palo and sent them a link to this discussion. I also started looking into the ipv6 setup on the machines having issues, but were not sure if that was the root cause since the issue is hard to replicate consistently.

L2 Linker

Our case is still pending, we are still trying to gather additional evidence as requested. We do not have ipv6 enabled in the profiles, its intermittent for sure, but we can re-create it. We had a user this morning, unplug from the docking station (ethernet), walk a few feet to a conference room and then had no internet connection available, wi-fi showing disabled. We grabbed his client logs, but they are not showing anything. We are going to check additional Window Event logs as well. 

L1 Bithead

I will save you the trouble, Palo is going to tell you its a Microsoft issue, which it may very well be but.... We have the same issue but related to sleep/hibernate ever since updating from 6.1.1 to version 6.2.4.  As other have stated tested several other versions 6.1.5, 6.1.3, an 6.2.3, the only version we could not re-create the issue on was 6.1.1 but that version has some vulns.  We had some success by making sure ipv6 was disabled on all interfaces including the pangp virtual adapter but not 100% success.  We could also recreate the issue by just putting the device into Airplane mode for a minute or so.

 

This was the Palo response:

I have completed a thorough analysis of the situation you've reported, focusing on the potential cause of the Wi-Fi adapter being disabled on your Windows 10 device. Here is a summary of our findings:

Files Reviewed:
GlobalProtect Logs:

PanGPS Log: Reviewed thoroughly, and no errors were detected that would suggest GlobalProtect is causing the Wi-Fi adapter to disable.
PanGPA Log: Similarly, this log was analyzed and showed no indications of malfunction or errors related to network interface management.
PanGP Event Log: We found routine entries with no unusual activity or errors that could be linked to the Wi-Fi issue.

System Information:
The system environment, drivers, and network configurations appear to be standard, with nothing unusual noted that would cause concern from the GlobalProtect side.

Additional Findings:
Search for Similar Cases: We conducted a search for similar cases both internally and externally, but we did not find any known issues or reported cases where GlobalProtect was responsible for disabling a Wi-Fi adapter on Windows 10.

Known Windows 10 Issues:
It’s important to note that there are documented issues with Windows 10 regarding network interfaces, particularly after sleep or hibernation. These issues can sometimes require administrative intervention or a system reboot to restore the network interface.
Below are some relevant resources that discuss these issues:
Windows 10/11 and Network Interface Issues: These articles discuss how network interfaces, including Wi-Fi, may become disabled after the device wakes from sleep or hibernation, sometimes without any involvement from VPN clients.
https://answers.microsoft.com/en-us/windows/forum/all/windows-11-wifi-gone-after-sleep/8bb483e7-437c...

Microsoft Community Article
Interaction with VPN Clients: Some VPN clients, including older versions of GlobalProtect, have been known to have issues managing network interfaces after the device resumes from sleep, though these instances are rare.
https://learn.microsoft.com/en-us/answers/questions/880035/vpn-fails-after-sleep-wake-on-windows-10

L2 Linker

Thanks for the reply. I too was told they "searched" and could not find any related cases, but clearly there is an issue with higher versions of the sensor. We also upgraded because 6.1.2 had vulnerabilities. 

L2 Linker

One of our customers also has this issue.

Their devices have cellular and wireless connectivity.

When the issue occurs they cannot connect to any wireless network.

 

Did anyone manage to identify a bug ID or any workaround for this issue?

 

Our customer is trying a few different GlobalProtect client versions including 6.3.1

L1 Bithead
 

c8d689b0-8a57-448b-a7e1-e107f54f67e1.jpg

 I found this in the release notes of 6.3.1, having our users that are having issues test this version out.

L2 Linker

We finally did get this escalated and are doing testing with a version that is in beta. Won't be able to roll it out until general release but we are pending to get it to our initial pilot group once we get the o.k. from Palo. 

So during your escalation is PaloAlto stating they have taken responsibility of this issue and that a new version of GP may resolve it?

 

I am also curious if your are only seeing this issue when moving from network to network or do you have the issue during changes in power state such as coming out of sleep or hibernation.  Our issue is when devices come out of sleep or hibernation.  Can also be simulated by putting a device into and out of airplane mode.

L2 Linker

So yes it happens moving network to network like ethernet to wireless and vice versa, coming out of hibernation or sleep (sometimes) and during our testing with airplane mode. 

 

They have not come out and admitted anything but it is seemingly fixed within the new beta version we are testing. 

L2 Linker

So our ticket got closed without resolution unfortunately. They would not release the hotfix to us. We had to downgrade people back to 6.1.2 which has those vulnerabilities. 

L0 Member

Palo told us "Additionally, we noticed that your current GlobalProtect version is 6.2.4, which is not the preferred stable version for environments like yours.
The recommended version for your setup is 6.2.3
"

 

So they recommended to run a version with the known Local Privilege escalation vulnerabilities?..

When I reminded them about the CVE https://security.paloaltonetworks.com/CVE-2024-5915.

They said "Please update to 6.3.1" Which i again had to remind them..

https://docs.paloaltonetworks.com/globalprotect/6-3/globalprotect-app-release-notes/known-issues-rel...

GPC-20983 - When a Windows computer resumes from sleep, the GlobalProtect app remains stuck in the connecting stage.
Workaround: Restart the PanGPS service.

 

not happy, and neither are our 1700+ users on GP who have to reboot 2-3 times a day.

L1 Bithead

6.2.5 was released yesterday ad we have started testing. It appears to fix a lot of the issues we were running into on 6.2.2 and 6.2.4. Running good so far.

Echoing what @DylanSilves has stated. Initial testing of the version has looked promising. 

  • 2069 Views
  • 14 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!