Some GlobalProtect clients suddenly stuck in fail loop, on connecting to Gateway

We're experiencing a very vague issue with our GlobalProtect VPN connections into our 4x PA-220s. Out of around 150 users, we typically peak at 90 users on the VPN(s) per day, with no more than 10 users reporting this issue (myself included). The number of affected users may be higher, with some not reporting the issue.
 
Symptom:
On connecting to the VPN end-point the GP client auths+connects, pulls down the routing table (clients are configured for split-tunnel). Then something seems to happen on the client that affects the PanGP NIC, causing it to fail. This in turn drops the VPN connection, which then retries - this loops & loops.
 
All affected are Win10.
I've tried various versions of GP from 5.1.8 up to the latest 5.2.6.
I've built fresh builds of Win10. Both with/without latest updates.
I've tried with/without our ESET (end-point security).
 
There may be a link with Hyper-V, and possibly with the "Killer" s/w that is bundled with Dell XPS laptops. But this is inconclusive, as not all users have Dells with "Killer" WiFi.
 
However, on my own Dell XPS15, the following has allowed me to connect to the VPNs again with some regularity:
1. Uninstalling 'Killer' s/w.
2. Using 'Autoruns' (MS Sysinternals) to stop killer s/w from loading on startup.
3. Running `bcdedit /set hypervisorlaunchtype off` from an elevated cmd.exe and rebooting.
 
When the problem is manifesting for myself, if Hyper-V is enabled I see the PanGP NIC enable/disable as it attempts to connect via 'Network Connections'. Another Hyper-V NIC appears and both PanGP and the Hyper-V NIC report 'attempting to authenticate'.
As referenced above, not all of the affected users are running 'Killer' WiFi adaptors, or using Hyper-V. Therefore, this may be a false-positive.
In the morning I'll try switching my user over to being full-tunnel, to see how that affects the issue - from memory, when I did that before it started working. Therefore, it's possible that 'split tunnel' is playing a big part here.
 
Best Regards,