The 10.0.3 Sophos Transparent Proxy interrupts Global Protect VPN sessions.
Severity is low, as there is an EAP workaround, however, if this goes to production, there will be hundreds of Help Desk calls making the severity High.
To reproduce this specific case,
- macOS 11.2.1 (with Rosetta 2)
- arm64 MacBook Pro (16GB RAM, 256GB HD)
- Palo Alto Networks GlobalProtect VPN v.5.2.4-21
- Several servers/service (RDP, vsphere, 2factor auth web interfaces +DUO)
- slack, and Jabber...
The solution for me at this time was to
- unenroll the computer from EAP,
- check for Sophos Updates and confirm 10.0.1 was installed,
- then reenroll the computer in the EAP, but decline the Transparent Proxy authorization.
Currently no interruptions to VPN service with Sophos Transparent Proxy disabled.
This might also assist with 10.0.3 users experiencing excessive Sophos network component resource usage, but I have not confirmed that.