To me it sounds like a Bug, how am i supposed to update 3700+ laptops in the field in an enterprise environment where users do not have adm rights. with remote working we have 200 + users we cannot really call into sites. (we are disabling IP6 as a quick fix on both PANGP and the wifi adapters!) We opted to use the firewalls to update so users have a brief disconnect/reconnect upon logon before they got too engrossed in work. Once we started getting a number of calls in we stopped the updates to users, but as the bug is so random it can affect a working user half way trough the day, or allow a broken user to come to life half way through the day where as some users are permanently broken. Extremely frustrating this hotfix not being a newer version than it's major release version. Please Palo Fix!
... View more
5.2.5 has a nasty bug in which has affected a few hundred remote worker staff as we rolled it out.. Problem 1 - Hotfix now available The IP6 and IP4 conflict for DNS resolution when sending AAAA and A requests Problem 2 - Hotfix is seen as older version and will not auto update users we then see the Hotfix is released to fix this issue, however the Hotfix is seen as a LOWER version of 5.2.5. It doesn't deploy from the firewall with Allow Transparent upgrade. When you do the MSI it says there is a new version of Global Protect already installed! Can Palo Alto Fix this? Other random Problem related to this we also tested rolling out to 5.2.5 on a number of users with no issues except for anyone on 5.2.4 got caught in an update/download loop with allow transparent upgrades. I think reading the Hotfix notes this is fixed, but not a major problem for us as we only had a small number of users on 5.2.4. I personally can't wait for 5.2.6 but part of me tells me this will have major issues given the recent disruption 5.2.5 has given us! This has caused so much stress for all afflicted by this. Maybe Palo Alto can widen their test pools to avoid such issues?
... View more