GlobalProtect 5.2.4 disconnects when unlocking screen

L1 Bithead

Seeing some interesting behavior with GP 5.2.4. On Windows 10 1909, GP disconnects when locking then unlocking the desktop.
To reproduce:

- Connect to your gateway then lock the desktop. Leave the desktop locked for a minute or two.
- While locked, the device maintains an active tunnel. This is confirmed by pinging the assigned tunnel address and “show global-protect-gateway current-user | match ‘ip’”

- Unlock the desktop.

The tunnel drops and GP completely disconnects the moment the desktop is unlocked. This behavior is not seen in <= 5.2.3, nor is it seen on macOS. I’ll also note, the device is not sleeping or hibernating — I am simply locking the screen. The laptop is still connected with an active tunnel right up until the device is unlocked.

Give it a try. Let me/us know if it can be reproduced.

10 REPLIES 10

L4 Transporter

Hello @sampley 

I have the same setup (GP 5.2.4, Win 10 1909), but can't reproduce the issue.

It might be worth checking the logs of GP (PanGPS, PanGPA).

I do have a case open for this and they’re reviewing logs. I’m cool if it’s just me; however, I’m worried about all our other Windows hosts as everyone is configured the same (via GPO.)

One further note, when the device is locked for longer than a minute the screen goes dark per power settings. Despite this, the network is still up — including the tunnel. When I hit the enter key, the screens light up, then I enter my password and hit enter. The connection drops at that moment.

We have the issue, and support and I have reviewed the logs.

This seems to be related to split tunnel driver gpfltdrv.

Due to COVID we are allowing some users to have split tunnel; if I move these users back to the NO split tunnel configuration, the issue goes away.

Support mentioned that someone found a REG key that fixes this issue but they have not provided the key....

The reg key is below and it does fix the issue:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\CsEnabled from 1 to 0.

In 5.2.4, it also happens with "No direct access to local network" selected -- for us at least. I'm not keen on fixing this via a registry hack as our configs are controlled by GPO and pretty standard. This issue does not occur in <=5.2.3.  So, something changed in a 5.2.4 fix that altered the client behavior.

L1 Bithead

TAC just let me know this will be fixed in 5.2.5.

From TAC:

"When the end user locks the laptop screen, the machine may enter modern standby. With our initial modern standby support, GP re-does network discovery after wakeup from modern standby. That causes the tunnel to be re-created after the screen is unlocked.

So, we identified the issue and the fix will be targeted for GP app versions 5.1.8 and 5.2.5."
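
A check for the condition TAC describes, as an added example that is not part of the thread and not Palo Alto Networks code: it reports whether a Windows host offers modern standby (S0 Low Power Idle) and what the CsEnabled value mentioned above is currently set to. The function names are hypothetical, and the parser assumes English-language `powercfg /a` output.

```powershell
# Added example (not from the thread). Reports whether this Windows host can
# enter modern standby (S0 Low Power Idle) and what CsEnabled is set to.
# Assumption: English-language `powercfg /a` output. Function names are hypothetical.

function Get-AvailableSleepStates {
    param([string[]]$PowercfgOutput)
    # `powercfg /a` prints an "available" section first, then a "not available"
    # section. Only the lines of the first section are collected.
    $states = @()
    $inAvailable = $false
    foreach ($line in $PowercfgOutput) {
        if ($line -match 'sleep states are not available') { break }
        if ($line -match 'sleep states are available') { $inAvailable = $true; continue }
        if ($inAvailable -and $line.Trim()) { $states += $line.Trim() }
    }
    return $states
}

function Get-ModernStandbyStatus {
    $powerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'
    # CsEnabled may be absent on a host; report an empty value rather than failing.
    $cs = (Get-ItemProperty -Path $powerKey -Name CsEnabled -ErrorAction SilentlyContinue).CsEnabled
    $states = Get-AvailableSleepStates -PowercfgOutput (powercfg /a)
    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        CsEnabled       = $cs
        S0LowPowerIdle  = [bool]($states -match 'S0 Low Power Idle')
        AvailableStates = $states -join '; '
    }
}

# Read-only: nothing is changed on the host.
Get-ModernStandbyStatus | Format-List
```

Hosts that report `S0LowPowerIdle : True` are the ones that can enter modern standby when the screen is locked, which is the condition TAC ties to the disconnect.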

L1 Bithead

This has been fixed in 5.1.8 -- Tested and confirmed. The fix in 5.2.5 will be released in a couple days -- 01/07 I believe.

We are on the 5.2 path due to additional requirements. When will 5.2.X have a fix for this issue?

TAC says Jan 7th for 5.2.5.

We are on 5.2.5 and still seeing some problems that sound awfully similar to this.
