03-26-2021 01:36 AM
A lot of issues have been fixed in this release, at least for our issues.
Haven't tested it yet but much fixes are touching our issues with standby/windows10 and split domain.
Addressed Issues in GlobalProtect App 5.2 (paloaltonetworks.com)
03-26-2021 09:57 AM - edited 03-26-2021 09:58 AM
After updating, I am not seeing any GlobalProtect logs for people on 5.2.5-c84, are any of you guys seeing the same issue?
03-26-2021 01:45 PM
Lots of stuff got fixed but they also broke IPsec connectivity over IPv4 (NAT) and IPv6 on macOS, 5.2.5-84 falls back to SSL with those (rolling back to 5.2.5-66 works ok). IPv4 without NAT works with IPsec with -84.. I guess there's no QA team. 😄
03-29-2021 04:13 AM
I do see log entries for the people i've upgraded
03-29-2021 04:14 AM
So how do you mean NAT ?
We use IPv4 and clients are natted and firewalls are on private ip's behind azure public ip's so that's NAT.
No issues so far
03-29-2021 04:26 AM
@sebastianvd Well.. clients behind NAT will fallback to SSL and with -66 release IPsec still works without fallback.
03-29-2021 04:41 AM
@tigeli Well our test users are working from home, so behind NAT of their own routers and firewalls.
They all seem to be working fine with IPSEC according to the logs.
03-31-2021 12:46 AM
At first it looked promising but we still have the gpfltdrv issue when streaming youtube.
03-31-2021 08:45 AM
They fix one thing and break 10 other things. Lack of testing and validation for sure. It's extremely frustrating.
03-31-2021 01:43 PM
I was able to research this a little.. and found this info..
You cannot directly run 5.2.5-c84 on top of another 5.2.5 because they are the same product id and on the same release.
The only way you can upgrade to 5.2.5-c84 from another 5.2.5-x is to uninstall the old 5.2.5 first, and then install 5.2.5-c84. But if is using portal upgrade, it will be OK.
Further more, if the machine installed 5.2.4 or older release, and run 5.2.5-c84 on top of it, it should be OK. but again, there is always some risk by directly clicking on a msi if you have GP running already, also need be sure the user has the administrative privilege.
Directly click on msi should be only recommended for the initial installation when there is no other GP in the system.
I hope this helps a little
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!