About MikeC

@kiwi    Thanks for reply.  I fixed disconnect by restarting mgmt server   As for the roadmap, it better be.  I was told it was going to be August/September.  Just wasn't sure if that was still the case, since I haven't heard anything about it since ... View more

@BPry    I did a further test on my machine. I don't think this particular issue has anything to do with Skype.   On my machine, I started a packet capture on both my wifi interface and the GP interface. While connected to GlobalProtect, I ran command "ipconfig /registerdns".    I see two standard query SOA requests.  One of them is destined to my corporate internal DNS server (active directory)  and the other one is sent to my home wifi local connection.  I then receive the proper responses from both.    However, when the dynamic update is sent, it uses my GP interface instead of sending to our internal servers    Here's an example.  192.168.1.139 is my home IP.   172.16.x.x is my GP IP and 192.168.x.x is our internal DNS server   68.x.x.x is the Name Server IP for the domain name.  The clients should not be sending the dynamic update to this IP.     ... View more

@BPry    Understood on the skype part.  However, our clients are configured to use internal DNS servers (DNS that runs on our Domain Controllers, which are part of RFC 1918 addresses) not public facing dns servers.  We never provide clients public DNS servers, as we only allow DNS requests from our domain controllers   I don't believe while they are on VPN, they should constantly be sending their dynamic update to a public DNS server that their system is not configured to use.  It's sending these dynamic updates multiple times an hour   I should also add, that some of these users are no longer using Skype.  They have switched to Microsoft Teams.   ... View more

@BPry    Thanks for reply.  Interesting but I'm still a little confused.  All of our clients are configured to use our internal DNS servers regardless of where they are connecting from, since we use always on VPN.   The other part is these are not dns query requests...these are dynamic updates (where the client sends the update to tell the dns server what IP address their machine is using) ... View more

Hi @BPry    We do use Skype for Business.   The "no direct access to local network" is unchecked.  This was to allow users to use their home printers ... View more

Interestingly enough, the best practice guide mentions to leave the default threshold, but there is a video from Palo Alto regarding BPA and the threshold is different than the default   https://www.youtube.com/watch?v=QAuJyboFPy8 ... View more

@codyweber54 I decided to use the Windows User-ID agent instead.  No more issues, since switching to that ... View more

@kiwi I know but I went with 5.0.2 because of others informed me that a lot of bugs from 5.0.1 would be resolved in 5.0.2   @BPry So far it was only 2 users, one was windows 10 and the others windows 7.  Both dell but different models.  I have had many people successfully upgrade already.   5.0.2 has been working great for me so far ... View more

@Remo yes! I saw the email.  I'll be installing it tomorrow too (for testing)     ... View more