- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
04-14-2023 10:08 AM
I applied the April patches and rebooted and GlobalProtect is broken. PanGPS service was not running. I rolled back to my snapshot before updates and all is well. I will be doing more testing to see what I can learn, but thought I would post here to ask if others had tested the patches in a VM with the same version of GP? My Win10 21H2 OS does not have any issues.
04-16-2023 07:24 AM
There are no issues with the April patches on 22H2. Instead it appears the VMs for those versions were struggling to startup after patching and once I removed some older snapshots on the host side the performance issues went away in the VM so PanGPS started correctly.
I do think the design and execution of GlobalProtect could and should be improved. Employees do NOT have any rights to tinker with PanGPS. So if this service is not running after startup, there should be some logic built into the app to start the service...don't just squawk about it not running...FIX it if you can by trying to start again after some period of time. Since PanGPS v6.0.3 does not have any other dependencies there is just no reason to not have it take care of itself. So it looks like PanGPS was written by someone who thinks UDP is the "bees knees" when we all know it is a horrible protocol if you need your data to get there... TCP handles that reliably well, but with a performance penalty so "individuals" seem to lust after UDP instead. PanGPS suffers the same way... whatever part of GlobalProtect says to "start PanGPS" has no fault tolerance for the service not being able to start if there is a lack of resources which is a defect in my book. GlobalProtect should be able to try starting the PanGPS service if it fails to start at boot.
04-16-2023 08:28 AM
Would be good idea to upgrade GP version.
https://security.paloaltonetworks.com/CVE-2023-0006
04-17-2023 12:42 PM
Thanks for sharing the CVE. I typically get those via email as published but have been out on holiday recently.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!