VMware Communities
Wes1
Contributor

Workstation Pro 17.0.2 network conflict with Palo Alto GlobalProtect VPN

I recently updated to Workstation Pro v17.0.2 on a Windows 10 Enterprise machine (previously had v17.0.1 installed), and I've noted that since the update I have network connectivity issues, where it appears that v17.0.2 is having a conflict/compatibility issue with the VPN on my computer, Palo Alto's GlobalProtect v6.0.3.
Through some testing, I've tracked the issue down to the point that if I do not have the VMware Authorization Service running, I can disconnect and reconnect the Palo Alto VPN without an issue, and have general network connectivity available.

As soon as I enable VMware Authorization Service whilst the VPN is running, and then disconnect the VPN, I lose all network connectivity at the Host OS level. This occurs regardless of whether any VMs are running in WP, and even occurs with all VMware virtual NICs disabled at the Host OS level. If I boot the laptop with both GlobalProtect and Workstation Pro services enabled, I have no network connectivity.

From some netsh traces on the machine, I have determined that there is an issue with NLA related authentication traffic where it is being directed into the VMware virtual networks (I have 6 Host only virtual networks, with no VMs connected via Bridging or NAT virtual networks), and so the NLA traffic does not traverse the Palo Alto GlobalProtect VPN virtual network card resulting in a network connectivity issue on the machine (as GlobalProtect will block access to any other physical network connection).

I must make it clear, the machine was running fine with Workstation Pro 17.0.1 (and earlier) versions with this same version of Palo Alto GlobalProtect installed in the existing configuration with no issues. The issue has only started to occur since WP 17.0.2 was installed (no other modifications have been made to the machine from a software/networking configuration excluding standard MS patches).

At the moment I only have 2 options available to me to use the laptop:
1) back grade the version of WP back to 17.0.1
2) Disable VMware Authorization Service (which means I cannot run any VMs) to use it on the network (and to use the VMs means I lose all network connectivity after restarting the service).

Has anyone else come across this issue at all, and have a solution where they will work side by side without needing to manually enable/start and stop/disable the VMware services?

0 Kudos
2 Replies
stumpovich
Contributor

I'm having the same issue on 17.0.0. Took me a while to figure out that it was VMware breaking the GP traffic, except my issue only comes up intermittently when there's traffic on the VM. Wonder if there is a solution.

0 Kudos
Wes1
Contributor

I live with the workaround that I have the VMware Authorization Service permanently disabled, and only enable it long enough to start the service, then immediately disable it again (whilst it's still running) so I can then start up VMs.

Also note that I keep all other VMware services and VMware related host level NICs permanently disabled on the PC by personal preference, partly because the VMs are a lab environment that does not require access to any network external to the host (I actually also run a Photon Router VM with multiple host only networks to allow cross-vlan traffic within my lab so the various VMs can talk to each other from different vlans/subnets).

0 Kudos
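
The workaround described in the last reply (enable the service only long enough to start it, then disable it again while it keeps running), as an added PowerShell example that is not part of the original thread and is not VMware's own tooling. It assumes an elevated session and that the VMware Authorization Service is registered under the service name `VMAuthdService` (confirm with `Get-Service -DisplayName 'VMware Authorization*'`); the function name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: run the VMware Authorization Service for the current session
# only, leaving its startup type Disabled so it does not start at next boot.
# Assumption: the service name is VMAuthdService; adjust if yours differs.

function Start-VMAuthdForSession {   # hypothetical helper name
    param(
        [string]$ServiceName    = 'VMAuthdService',
        [int]   $TimeoutSeconds = 30
    )

    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc) {
        throw "Service '$ServiceName' not found; check the name with Get-Service."
    }

    try {
        if ($svc.Status -ne 'Running') {
            # A Disabled service cannot be started, so switch to Manual first.
            Set-Service -Name $ServiceName -StartupType Manual
            Start-Service -Name $ServiceName
            $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds($TimeoutSeconds))
        }
    }
    finally {
        # Re-disable even if the start failed or timed out. A service that is
        # already running keeps running; only the next boot is affected.
        Set-Service -Name $ServiceName -StartupType Disabled
    }

    # Report the resulting state: expect State = Running, StartMode = Disabled.
    Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'" |
        Select-Object Name, State, StartMode
}

Start-VMAuthdForSession
```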