WeakHostSend config on Windows being Enabled for Wifi adapter post connecting to GP

Created On 06/10/20 13:18 PM - Last Modified 03/16/21 02:07 AM


Symptom


  • When GP is connected, the WeakHostSend/WeakHostReceive status shown in Windows PowerShell changes from Disabled to Enabled.
  • PowerShell output while GP is disabled:
PS C:\WINDOWS\system32> Get-NetIPInterface | ft interfacealias,weakhostreceive,weakhostsend

interfacealias               WeakHostReceive WeakHostSend
--------------               --------------- ------------
Bluetooth Network Connection Disabled        Disabled
Local Area Connection* 2     Disabled        Disabled
Local Area Connection* 1     Disabled        Disabled
Loopback Pseudo-Interface 1  Disabled        Disabled
WiFi                         Disabled        Disabled
Bluetooth Network Connection Disabled        Disabled
Local Area Connection* 2     Disabled        Disabled
Local Area Connection* 1     Disabled        Disabled
Loopback Pseudo-Interface 1  Disabled        Disabled
WiFi                         Disabled        Disabled
  • PowerShell output when GP is connected:
PS C:\WINDOWS\system32> Get-NetIPInterface | ft interfacealias,weakhostreceive,weakhostsend

interfacealias               WeakHostReceive WeakHostSend
--------------               --------------- ------------
Ethernet 4                   Disabled        Disabled
Bluetooth Network Connection Disabled        Disabled
Local Area Connection* 2     Disabled        Disabled
Local Area Connection* 1     Disabled        Disabled
Loopback Pseudo-Interface 1  Disabled        Disabled
WiFi                         Disabled        Enabled
Ethernet 4                   Disabled        Disabled
Bluetooth Network Connection Disabled        Disabled
Local Area Connection* 2     Disabled        Disabled
Local Area Connection* 1     Disabled        Disabled
Loopback Pseudo-Interface 1  Disabled        Disabled
WiFi                         Disabled        Enabled <======


 


Environment


GlobalProtect Client 5.0 & 5.1

Cause


When the Optimized Split Tunnelling feature is enabled (i.e. when Domain-Based Split-Tunnelling or Application-based Split-Tunnelling is not enabled), GP 5.x will enable both "WeakHostSend" and "WeakHostReceive" on all adapters (physical and virtual).

Resolution


RECOMMENDED RESOLUTION:
 
  1. With GP 5.0.x and 5.1.x, the administrator may configure a fake Domain-based Split-Tunnelling configuration (to example.org, for instance), which will make sure that the WeakHost feature is disabled on all adapters.
  2. In addition to this, one of the issues caused by enabling WeakHostSend is a delay in DNS resolution (please see the note below).

NOTE:
With the DNS Split-Tunnelling feature introduced in GP 5.2, there should be no delay in DNS resolution irrespective of the status of the WeakHostSend feature.
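
To check on an endpoint whether the workaround took effect, the weak-host state can be captured before and after GP connects and then compared. The script below is an added example, not Palo Alto Networks code; the function names `Get-WeakHostState` and `Compare-WeakHostState` and the variables are assumptions made for illustration. `Get-NetIPInterface` returns one row per interface and address family, which is why each alias appears twice in the output above.

```powershell
# Added example: compare WeakHostSend/WeakHostReceive before and after GP connects.
# Function and variable names are hypothetical, chosen for this illustration.

function Get-WeakHostState {
    # One record per interface AND address family (IPv4 and IPv6 are separate rows).
    Get-NetIPInterface |
        Select-Object InterfaceAlias, AddressFamily,
            @{ Name = 'WeakHostSend';    Expression = { [string]$_.WeakHostSend } },
            @{ Name = 'WeakHostReceive'; Expression = { [string]$_.WeakHostReceive } }
}

function Compare-WeakHostState {
    param(
        [Parameter(Mandatory)] [object[]] $Before,
        [Parameter(Mandatory)] [object[]] $After
    )
    # Index the baseline by alias + address family so duplicate aliases do not collide.
    $index = @{}
    foreach ($row in $Before) {
        $index["$($row.InterfaceAlias)|$($row.AddressFamily)"] = $row
    }
    foreach ($row in $After) {
        $old = $index["$($row.InterfaceAlias)|$($row.AddressFamily)"]
        $status = if (-not $old) {
            'NewInterface'      # e.g. a virtual adapter that only exists while connected
        } elseif ($old.WeakHostSend -ne $row.WeakHostSend -or
                  $old.WeakHostReceive -ne $row.WeakHostReceive) {
            'Changed'
        } else {
            'Unchanged'
        }
        [pscustomobject]@{
            InterfaceAlias  = $row.InterfaceAlias
            AddressFamily   = $row.AddressFamily
            SendBefore      = if ($old) { $old.WeakHostSend } else { 'n/a' }
            SendAfter       = $row.WeakHostSend
            ReceiveBefore   = if ($old) { $old.WeakHostReceive } else { 'n/a' }
            ReceiveAfter    = $row.WeakHostReceive
            Status          = $status
        }
    }
}

$baseline = Get-WeakHostState                      # run while GP is disconnected
Read-Host 'Connect GlobalProtect, then press Enter' | Out-Null
$current  = Get-WeakHostState
Compare-WeakHostState -Before $baseline -After $current |
    Where-Object { $_.Status -eq 'Changed' -or $_.SendAfter -eq 'Enabled' -or $_.ReceiveAfter -eq 'Enabled' } |
    Format-Table -AutoSize
```

An empty result after the split-tunnel workaround is applied means no adapter had a weak-host flag flipped or left Enabled by the connection.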

