topic DNS Query Blocking for Remote VPN Users in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/dns-query-blocking-for-remote-vpn-users/m-p/591302#M5535 <P>We have an environment that has a requirement where GP DNS Queries need to be blocked from Remote VPN users if those queries are destined to specific domains A and B (proxy servers). This requirement aims to achieve split-tunneling where a remote VPN user would reach the cloud server of these&nbsp;domains but using the host physical interface when reaching out to those specific domains, instead of being backhauled through the GP VPN tunnel. We have been able to achieve something similar in Cisco through Cisco DNS policies and were able to define the action NXDOMAIN for query responses received through Remote VPN tunnel which result in user reaching out to the domains through physical interface but we are trying to achieve the same using GP Agent.&nbsp;<BR /><BR />Important values about the GP configuration&nbsp;<BR />On-Demand&nbsp;<BR />Split-Tunnel Option: Network Traffic only&nbsp;<BR />Resolve All FQDN using DNS Servers assigned: Yes&nbsp;<BR /><BR /></P> Sat, 06 Jul 2024 21:46:53 GMT User868 2024-07-06T21:46:53Z DNS Query Blocking for Remote VPN Users https://live.paloaltonetworks.com/t5/globalprotect-discussions/dns-query-blocking-for-remote-vpn-users/m-p/591302#M5535 <P>We have an environment that has a requirement where GP DNS Queries need to be blocked from Remote VPN users if those queries are destined to specific domains A and B (proxy servers). This requirement aims to achieve split-tunneling where a remote VPN user would reach the cloud server of these&nbsp;domains but using the host physical interface when reaching out to those specific domains, instead of being backhauled through the GP VPN tunnel. We have been able to achieve something similar in Cisco through Cisco DNS policies and were able to define the action NXDOMAIN for query responses received through Remote VPN tunnel which result in user reaching out to the domains through physical interface but we are trying to achieve the same using GP Agent.&nbsp;<BR /><BR />Important values about the GP configuration&nbsp;<BR />On-Demand&nbsp;<BR />Split-Tunnel Option: Network Traffic only&nbsp;<BR />Resolve All FQDN using DNS Servers assigned: Yes&nbsp;<BR /><BR /></P> Sat, 06 Jul 2024 21:46:53 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/dns-query-blocking-for-remote-vpn-users/m-p/591302#M5535 User868 2024-07-06T21:46:53Z