topic GlobalProtect idle timeout in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-idle-timeout/m-p/540221#M3978 <P><SPAN>Hello all,</SPAN></P> <P>&nbsp;</P> <P><SPAN>I would like to know your feedback with some requirements which I have to configure a GlobalProtect VPN to be used by mobile devices:</SPAN></P> <P>&nbsp;</P> <P><SPAN>1- Split tunneling: Configured and working properly, mobile devices using this VPN are sending through the VPN only the traffic of some specific subnets.</SPAN></P> <P>&nbsp;</P> <P><SPAN>2- Specific addressing based on SO: I’ve also deployed this feature successfully.</SPAN></P> <P>&nbsp;</P> <P><SPAN>3- APP/FQDN based VPN: The VPN is only connected if the user tries to use or open an specific APP or URL. This has also been deployed successfully thanks to our MDM.</SPAN></P> <P>&nbsp;</P> <P><SPAN>4- Automatic disconnection if the user has not sent traffic through the VPN after 20 minutes: Here I’m stuck…. the idle timeout should help me with this requirement, but never reaches…. GlobalProtect provides a DNS server which is behind the VPN. Because Split DNS is not a valid feature under iOS and Android… once the VPN comes UP all DNS queries goes through the VPN….</SPAN></P> <P>&nbsp;</P> <P><SPAN>So I would appreciate if you could provide me some help with the point number 4….Probably I should use another approach because on this case split dns is not an option, I’m open to new approaches.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thanks in advance!!!</SPAN></P> Wed, 26 Apr 2023 17:07:28 GMT pasp_997 2023-04-26T17:07:28Z GlobalProtect idle timeout https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-idle-timeout/m-p/540221#M3978 <P><SPAN>Hello all,</SPAN></P> <P>&nbsp;</P> <P><SPAN>I would like to know your feedback with some requirements which I have to configure a GlobalProtect VPN to be used by mobile devices:</SPAN></P> <P>&nbsp;</P> <P><SPAN>1- Split tunneling: Configured and working properly, mobile devices using this VPN are sending through the VPN only the traffic of some specific subnets.</SPAN></P> <P>&nbsp;</P> <P><SPAN>2- Specific addressing based on SO: I’ve also deployed this feature successfully.</SPAN></P> <P>&nbsp;</P> <P><SPAN>3- APP/FQDN based VPN: The VPN is only connected if the user tries to use or open an specific APP or URL. This has also been deployed successfully thanks to our MDM.</SPAN></P> <P>&nbsp;</P> <P><SPAN>4- Automatic disconnection if the user has not sent traffic through the VPN after 20 minutes: Here I’m stuck…. the idle timeout should help me with this requirement, but never reaches…. GlobalProtect provides a DNS server which is behind the VPN. Because Split DNS is not a valid feature under iOS and Android… once the VPN comes UP all DNS queries goes through the VPN….</SPAN></P> <P>&nbsp;</P> <P><SPAN>So I would appreciate if you could provide me some help with the point number 4….Probably I should use another approach because on this case split dns is not an option, I’m open to new approaches.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thanks in advance!!!</SPAN></P> Wed, 26 Apr 2023 17:07:28 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-idle-timeout/m-p/540221#M3978 pasp_997 2023-04-26T17:07:28Z