Correct. It's an issue in PanOS and Panorama version 8.1.16.   Both Panorama and the firewalls need to be running 8.1.15 or 8.1.17. ... View more

Thanks for the confirmation!  🙂 ... View more

Correct.  The issue is with PanOS 8.1.16.  If the firewalls are running that, Panorama can't switch device context to them.  You need to downgrade Panorama and the firewalls to 8.1.15.   Or, 8.1.17 has been released, and they say this has been fixed with that release.  We haven't upgraded any firewalls yet to test this. ... View more

It depends which window manager / desktop environment you use.   Running KDE/Plasma on Ubuntu 20.04 gives me 2 separate GlobalProtect icons in the system tray.  One let's me connect/disconnect and edit configuration.  The other just sits there.  If I uninstall the GP package, both disappear.  I think one is a hold-over from having 5.1.x installed, as the second one is from 5.2.x.   Sometimes, the GUI popup shows right above the system tray, and it's easy to manipulate.  Other times, it shows in the top-right corner of the screen and requires a very fast mouse movement to get to it (using focus follows mouse).   Overall, it's nicer to use, but more flakey than the CLI version.  Will be nice once they get the GUI sorted out.  Aren't there a bunch of freedesktop/XDG standard practices for making these kinds of system tray applets work across WMs/DEs?   GP for Linux also doesn't like laptops that go to sleep while it's connected.  Requires a full deinstall/reinstall of the package to make it work again.  The dreaded "can't connect to local gpd" error. ... View more

The latest update to Chrome 85 has fixed the "Connect through NAT'd connection" issue.  Currently using Chrome  85.0.4183.102, and I can login to Panorama again.  🙂   The fix for the "Switch device context" issue is targeted for 8.1.17 sometime in October. ... View more

Possibly related to this, Google Chrome 85 is not able to login to Panorama 8.1.16 or 8.1.15-h3 through a NAT connection.  Chrome 84 and earlier have no issues logging into Panorama (regardless of version).  And, using an SSH tunnel to get to the same subnet as the Panorama server, Chrome 85 is able to login right away.   Fill in username and password, hit login, is shows the "Creating administrative session..." message, then goes to a blank screen with the spinning icon on the tab, and sits there indefinitely.  Chrome eventually pops up the "unresponsive page" dialog where you can kill it or wait.   Firefox has no issues logging in through a NAT connection, so I'm leaning toward an issue in Chrome 85.  But it only cropped up after upgrading to Panorama 8.1.16, and persisted after downgrading to 8.1.15-h3.   Chrome 85 on Windows or Linux fails to login.  Chrome 84 on Windows and Linux logs in fine.  Firefox 80 on Windows and Linux login fine. ... View more

There is no Reference Template section in Panorama 8.1.15-h3. whether creating a new Device Group, or editing an existing one. ... View more

Hrm, we were given a different bug number:  PAN-154181. ... View more

Yeah, looks like it's a bug. They're working on it. 😞   Suggested workaround is to downgrade to 8.1.15-h3 if you need to switch context in Panorama. ... View more

Correction:  looks like we can't use the drop-down list for switching to *any* of the firewalls running 8.1.16, from Panorama 8.1.16.   Guess I'll open a support ticket for this.  😞   Edit:  Case #01569614 opened. ... View more