https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-split-tunnel-dns-resoleving-problems-in-macos/m-p/594200#M5643 <P>hey,&nbsp;</P> <P>i recently got an issue with a user that got a new MacOs laptop that had an issue with connecting to internal resources, looks like Chrome and Ping and also other client application would not work because the dns is not resolved.</P> <P>&nbsp;</P> <P>there is an Apple feature called "Private Relay" it basically acts like a "vpn" that routes traffic through some gateway so the ISP etc wont see the user's traffic. that was probably collide with the GP client.&nbsp;</P> <P>if this feature is enabled on the user's intune this will be enabled by default on a new device that is linked to this user's intune.</P> <P>this feature can be disabled on the user MacOS</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="DorMarcovitch_0-1723010525131.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/61368i1CA6B90E26484CD3/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="DorMarcovitch_0-1723010525131.png" alt="DorMarcovitch_0-1723010525131.png" /></span></P> <P><A href="https://support.apple.com/en-il/102602" target="_blank">https://support.apple.com/en-il/102602</A>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 07 Aug 2024 06:03:04 GMT DorMarcovitch 2024-08-07T06:03:04Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-split-tunnel-dns-resoleving-problems-in-macos/m-p/594200#M5643 <P>hey,&nbsp;</P> <P>i recently got an issue with a user that got a new MacOs laptop that had an issue with connecting to internal resources, looks like Chrome and Ping and also other client application would not work because the dns is not resolved.</P> <P>&nbsp;</P> <P>there is an Apple feature called "Private Relay" it basically acts like a "vpn" that routes traffic through some gateway so the ISP etc wont see the user's traffic. that was probably collide with the GP client.&nbsp;</P> <P>if this feature is enabled on the user's intune this will be enabled by default on a new device that is linked to this user's intune.</P> <P>this feature can be disabled on the user MacOS</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="DorMarcovitch_0-1723010525131.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/61368i1CA6B90E26484CD3/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="DorMarcovitch_0-1723010525131.png" alt="DorMarcovitch_0-1723010525131.png" /></span></P> <P><A href="https://support.apple.com/en-il/102602" target="_blank">https://support.apple.com/en-il/102602</A>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 07 Aug 2024 06:03:04 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-split-tunnel-dns-resoleving-problems-in-macos/m-p/594200#M5643 DorMarcovitch 2024-08-07T06:03:04Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-split-tunnel-dns-resoleving-problems-in-macos/m-p/594504#M5650 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/218161">@DorMarcovitch</a> ,</P> <P>&nbsp;</P> <P>Thank you for sharing this.</P> <P>&nbsp;</P> <P>Note that you can also prevent the use of private relay on network level by blocking the DNS resolution for these two FQDNs</P> <PRE><CODE>mask.icloud.com mask-h2.icloud.com</CODE></PRE> <P>As described by Apple documentation - <A href="https://developer.apple.com/icloud/prepare-your-network-for-icloud-private-relay/" target="_blank">https://developer.apple.com/icloud/prepare-your-network-for-icloud-private-relay/</A></P> Fri, 09 Aug 2024 13:52:00 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/global-protect-split-tunnel-dns-resoleving-problems-in-macos/m-p/594504#M5650 aleksandar.astardzhiev 2024-08-09T13:52:00Z