I am facing the same issue. We are currently running 8.1.9-h4. We have User-ID configured and first thing I did was to remove specified AD groups from policies to "Any". Also, under User Identification Networks include/exclude I have disabled those to eliminate that possibility. I have an on-going case open with support but it seems to be at a dead end since we are unable to re-create the issue on demand. When I check the logs on the firewall the username does not populate but it should still work as I changed to "Any". And it is just going straight to the Deny policy with a bunch of not-applicable or incomplete as the application. As if the tcp handshake can not be completed. It is as if the connection is stale. I am still connected to the GlobalProtect but I am not able to access any internal or external resources. Only solution is to disconnect and reconnect GlobalProtect connection. We are running full tunnel so I am wondering if it could be related to local ISP and Internet congestion issues. Anyways, just wanted to share my expericne. If I happened to find a solution I will be sure to update this feed. My next steps is to either update PAN-OS or try an updated GlobalProtect Client version. Please let me know if there is a solution to this issue.
... View more