Channel: Forefront Edge Security – DirectAccess, UAG and IAG Forum

Direct Access alongside Palo Alto's Global Protect VPN


To start with I just want to say I'm also working with Palo Alto on this, but figured I would come here in case someone has experience with these two:

We have recently installed a PA 5020 Firewall and while working on the Global Protect (GP) VPN are unable to get the 2 (Direct Access and GP) VPNs to function properly.

On a machine outside of the corp with no Direct Access configurations and only having GP everything works fine. DNS checks out and you have solid IPv4 routing to all of our desired networks we want access to.

On a machine that has strictly Direct Access running everything works as it has before with us able to access all the desired resources we want and were previously able to. Able to ping domain names and return with IPv6 as expected.

Now the problem comes when you try to connect the 2nd machine that has DA to GP. GP will connect properly and you have IPv4 connectivity to all devices listed in the routes that are published to it; however, DNS breaks at this point. You are unable to resolve any DNS name (flush the DNS, then try to ping a name, and it fails). If you do an nslookup on the same name, our internal DNS server does respond and provide the proper IP.

I think part of what is causing the problem is that Direct Access doesn't fully turn itself off as it should. When we had Cisco AnyConnect we had no problems, and DA would shut itself after you connected to AnyConnect, as it would see itself as "inside" due to it having inside access through the AnyConnect tunnel. With GP, though, DA still sees itself as being outside the network and does not properly disable, but while not disabled it is also not all the way connected, as the various tunnel adapters are shown as disconnected and there is no MM/QM under the Security Associations within the Firewall settings.

Any suggestions would be greatly appreciated!

