InfoSec, hate it or love it. But VPNs are part of the puzzle. Out of the usual corporate picks for VPNs, Palo Alto’s GlobalProtect often comes out towards the top.
Integrated with its gateway/firewall appliances, some IT departments seem to love it.
But the UI and UX on Windows are just shoddy to the utmost extent.
First of all, there appears to be no way for a user to control which VPN gateway to connect to. That’s just a truly bad choice. I know about latency and other metrics, but don’t tell me that the VPN gateway across the big pond or somewhere in the Far East is the “best available gateway” when it is provable that the single gateway I have selected as favorite is also online. Sure, routing may introduce latency as well, but none of this explains why it reliably picks against my wishes.
Of course this would be less of a problem, were all gateways the same in the sense that all of them let me access the same services/hosts inside the corporate network. They don’t and so there’s the need to pick a single gateway to be able to do my job.
No way to configure GlobalProtect to try harder to connect to my favorite gateway either. Time and time again I need to manually pick it in the shoddy GUI to connect to it.
Oh, and it gets “better”: most of the time GlobalProtect will merely connect to the “best available” (== wrong from my perspective) gateway. But when you try to nudge it into picking the correct one, sometimes it’ll throw a tantrum, show an error and make sure that it takes extra effort to pick my desired gateway and then retry the connection.
Since this happens reliably and usually several times before I get connected to the desired gateway and I have this every single work day, I truly hate this shoddy piece of software. Perhaps not quite as much as CMake or Git, but in the same ballpark.
Oh, and if the above weren’t enough, sometimes when you hit the Connect button GlobalProtect will “work” for several minutes on end, trying to retrieve the gateway configuration, or so it claims. Guess what: nothing in this window allows you to cancel that process when it’s evidently stuck. Neither the TNA/systray icon nor the window itself provides something like a cancel or exit option. The Connect button, which could easily turn into a Cancel button upon lengthy connection attempts (say anything longer than 30 s), just disappears.
I am a software developer. It’s said software developers are bad at UI/UX. And there is likely a kernel of truth. But you know what? I don’t have to be educated as a classical singer to notice when someone doesn’t hit a note during a performance. Or in other words: I don’t have to be a UI/UX expert to know when something’s shit!
And don’t worry about the Edge WebView2 processes … if you can’t write good software, you can just as well do it “with a browser under the hood”.
// Oliver
PS: too many professionals these days, too few experts. Remember: professional means you’re doing it for a living, it doesn’t mean you know what you’re doing. The latter is called an expert independently of whether or not the expertise is used to make a living.