04-22-2021 11:13 AM
After installing the April 2021 Windows updates, our GlobalProtect clients started having issues connecting: it would take several attempts to get connected, normally seeing 3-4 connect-then-disconnect cycles before finally staying connected.
We confirmed that after uninstalling the Windows update, GlobalProtect behavior returned to normal; however, these Windows updates have critical security patches, so uninstalling them isn't a good option. We are running GP 5.1.6 but have also tried 5.2.5 and 5.2.6 with the same results. We are running Windows 10 2004 and Windows 10 20H2.
Our GP setup has prelogin using a machine certificate and then login using a client certificate along with username/password, then MFA. We have tried fresh installs of GP and reissuing the machine and client certs; all give us the same behavior.
We have a Palo case open, but so far they haven't found anything that has worked. I found the thread below, so it looks like others are seeing the same problem and it might be related to DNS.
Has anyone else seen this behavior and found a work around or fix?
04-30-2021 10:24 AM
Hello,
Our system engineer applied the fix in the link below and this has resolved the issue for us.
09-20-2021 01:14 AM
Hi All,
I would like to provide you with the secure solution, because enabling LLMNR is not a good idea -> https://attack.mitre.org/techniques/T1557/001/
We have been working with Microsoft and PAN for several months. LLMNR should not be enabled from a security perspective, so this is not the solution.
If LLMNR was disabled via Group Policy, mDNS was also disabled. This error was corrected with KB5001330 with two independent reg keys. However, if LLMNR was disabled before KB5001330, mDNS was implicitly disabled as well.
With the KB5001330 install, LLMNR remained disabled by GP policy, but mDNS was re-enabled and caused the GlobalProtect problem.
With these settings you are safe from the LLMNR security flaw and GP connects fast:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMDNS REG_DWORD=0 (Off)
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast REG_DWORD=0 (Off)
Have a nice day
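
The two policy values named in the reply above can be audited per machine, and set when they are missing or different, as follows. This is an added example, not part of the original thread; the function name `Get-DnsClientPolicyState` and the `-Remediate` switch are assumptions of this example.

```powershell
# Added example: audit (and optionally set) the two DNS client policy values
# quoted in the thread. Exits 1 when drift is found and -Remediate is not given.
param([switch]$Remediate)

# Registry path and values exactly as quoted in the post (0 = Off).
$Path   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$Wanted = [ordered]@{ EnableMDNS = 0; EnableMulticast = 0 }

# Hypothetical helper: returns one object per value with its current state.
function Get-DnsClientPolicyState {
    foreach ($name in $Wanted.Keys) {
        # A missing key or missing value yields $null rather than an error.
        $item    = Get-ItemProperty -Path $Path -Name $name -ErrorAction SilentlyContinue
        $current = if ($null -ne $item) { $item.$name } else { $null }
        [pscustomobject]@{
            Name      = $name
            Current   = if ($null -eq $current) { '<not set>' } else { $current }
            Wanted    = $Wanted[$name]
            Compliant = ($null -ne $current -and [int]$current -eq $Wanted[$name])
        }
    }
}

$state = @(Get-DnsClientPolicyState)
$state | Format-Table -AutoSize

# "Not set" counts as drift: after KB5001330 the two values are independent,
# so EnableMulticast = 0 alone no longer implies that mDNS is off.
$drift = @($state | Where-Object { -not $_.Compliant })

if ($drift.Count -gt 0 -and $Remediate) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    foreach ($d in $drift) {
        New-ItemProperty -Path $Path -Name $d.Name -PropertyType DWord `
            -Value $d.Wanted -Force | Out-Null
    }
    # Show the state again so the change is visible in the run log.
    Get-DnsClientPolicyState | Format-Table -AutoSize
}
elseif ($drift.Count -gt 0) {
    exit 1
}
```

Writing under `HKLM` with `-Remediate` requires an elevated session; without the switch the script only reads.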