11-26-2020 03:54 AM
Seeing some interesting behavior with GP 5.2.4. On Windows 10 1909, GP disconnects when locking then unlocking the desktop.
- Connect to your gateway then lock the desktop. Leave the desktop locked for a minute or two.
- While locked, the device maintains an active tunnel. This is confirmed by pinging the assigned tunnel address and “show global-protect-gateway current-user | match ‘ip’”
- Unlock the desktop.
The tunnel drops and GP completely disconnects the moment the desktop is unlocked. This behavior is not seen in <= 5.2.3, nor is it seen on macOS. I’ll also note, the device is not sleeping or hibernating — I am simply locking the screen. The laptop is still connected with an active tunnel right up until the device is unlocked.
Give it a try. Let me/us know if it can be reproduced.
11-26-2020 04:25 AM
I have the same setup (GP 5.2.4, Win 10 1909), but can't reproduce the issue.
It might be worth checking the logs of GP (PanGPS, PanGPA).
11-26-2020 05:29 AM - edited 11-26-2020 05:31 AM
I do have a case open for this and they’re reviewing logs. I’m cool if it’s just me; however, I’m worried about all our other Windows hosts as everyone is configured the same (via GPO.)
One further note, when the device is locked for longer than a minute the screen goes dark per power settings. Despite this, the network is still up — including the tunnel. When I hit the enter key, the screens light up, then I enter my password and hit enter. The connection drops at that moment.
12-07-2020 09:31 AM
We have the issue and support and I have review the logs.
This seems to be related to split tunnel driver gpfltdrv
Due to COVID we are allowing some users to have split tunnel, if I move this users back to the NO split tunnel configuration the issues goes away.
Support mentioned that someone found a REG key that fixes this issue but they have not provided the key....
12-07-2020 09:52 AM
The reg key is below and it does fix the issue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\CsEnabled from 1 to 0.
In 5.2.4, it also happens with "No direct access to local network" selected -- for us at least. I'm not keen on fixing this via a registry hack as our configs are controlled by GPO and pretty standard. This issue does not occur in <=5.2.3. So, something changed in a 5.2.4 fix that altered the client behavior.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!