5.2.5 has a nasty bug in which has affected a few hundred remote worker staff as we rolled it out..
Problem 1 - Hotfix now available
The IP6 and IP4 conflict for DNS resolution when sending AAAA and A requests
Problem 2 - Hotfix is seen as older version and will not auto update users
we then see the Hotfix is released to fix this issue, however the Hotfix is seen as a LOWER version of 5.2.5.
It doesn't deploy from the firewall with Allow Transparent upgrade.
When you do the MSI it says there is a new version of Global Protect already installed!
Can Palo Alto Fix this?
Other random Problem related to this
we also tested rolling out to 5.2.5 on a number of users with no issues except for anyone on 5.2.4 got caught in an update/download loop with allow transparent upgrades.
I think reading the Hotfix notes this is fixed, but not a major problem for us as we only had a small number of users on 5.2.4.
I personally can't wait for 5.2.6 but part of me tells me this will have major issues given the recent disruption 5.2.5 has given us!
This has caused so much stress for all afflicted by this. Maybe Palo Alto can widen their test pools to avoid such issues?