GlobalProtect App 5.2.5-c84 Hotfix Addressed Issues
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

The Enhanced LIVEcommunity Experience is finally here! Learn all about it.

GlobalProtect App 5.2.5-c84 Hotfix Addressed Issues

L3 Networker

A lot of issues have been fixed in this release, at least for our issues.

Haven't tested it yet but much fixes are touching our issues with standby/windows10 and split domain.

 

Addressed Issues in GlobalProtect App 5.2 (paloaltonetworks.com)

1 ACCEPTED SOLUTION

Accepted Solutions

10 REPLIES 10

L0 Member

After updating, I am not seeing any GlobalProtect logs for people on 5.2.5-c84, are any of you guys seeing the same issue?

L1 Bithead

Lots of stuff got fixed but they also broke IPsec connectivity over IPv4 (NAT) and IPv6 on macOS, 5.2.5-84 falls back to SSL with those (rolling back to 5.2.5-66 works ok). IPv4 without NAT works with IPsec with -84.. I guess there's no QA team.

I do see log entries for the people i've upgraded

So how do you mean NAT ?

We use IPv4 and clients are natted and firewalls are on private ip's behind azure public ip's so that's NAT.

No issues so far

@sebastianvd Well.. clients behind NAT will fallback to SSL and with -66 release IPsec still works without fallback.

@tigeli  Well our test users are working from home, so behind NAT of their own routers and firewalls.

They all seem to be working fine with IPSEC according to the logs.

 

At first it looked promising but we still have the gpfltdrv issue when streaming youtube.

 

They fix one thing and break 10 other things. Lack of testing and validation for sure. It's extremely frustrating. 

I was able to research this a little.. and found this info.. 

 

 

You cannot directly run 5.2.5-c84 on top of another 5.2.5 because they are the same product id and on the same release.

The only way you can upgrade to 5.2.5-c84 from another 5.2.5-x is to uninstall the old 5.2.5 first, and then install 5.2.5-c84. But if is using portal upgrade, it will be OK.

Further more, if the machine installed 5.2.4 or older release, and run 5.2.5-c84 on top of it, it should be OK. but again, there is always some risk by directly clicking on a msi if you have GP running already, also need be sure the user has the administrative privilege.

Directly click on msi should be only recommended for the initial installation when there is no other GP in the system.

 

I hope this helps a little

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items!
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!