https://live.paloaltonetworks.com/t5/globalprotect-discussions/dns-traffic-outside-of-globalprotect-tunnel/m-p/615971#M6057 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/145258">@MikeHinz</a>,</P> <P>You would expect to see <EM>some </EM>limited DNS traffic happen outside of the tunnel for things like internal host detection. I'd look at what is actually being sent outside of the tunnel to validate, but you're likely seeing that traffic and it's nothing to worry about. </P> Fri, 01 Nov 2024 20:44:25 GMT BPry 2024-11-01T20:44:25Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/dns-traffic-outside-of-globalprotect-tunnel/m-p/615854#M6047 <P>Hello,</P> <P>&nbsp;</P> <P>We use Global Protect to connect our employees via VPN to our site. We think we have configured it that way, that the complete traffic is tunneled to our site after establishing the Global Portect connection.</P> <P>&nbsp;</P> <P>Now we see that unencrypted DNS traffic is visible outside the tunnel. The target adress of that DNS traffic is the IP of our Global Protect gateway (where also the DNS proxy resides).&nbsp;</P> <P>&nbsp;</P> <P>Why is this traffic not encrypted an transported via the Global Protect connection and do you have any suggestion which options could be the reason for that behaviour?</P> Thu, 31 Oct 2024 08:09:51 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/dns-traffic-outside-of-globalprotect-tunnel/m-p/615854#M6047 MikeHinz 2024-10-31T08:09:51Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/dns-traffic-outside-of-globalprotect-tunnel/m-p/615948#M6053 <P>Hello,</P> <P>&nbsp;</P> <P>What does your split tunnel configuration look like? Is it just include 0.0.0.0/0? Under the app configuration of the portal there is also a flag for "Split-Tunnel-Option" what do you have selected for that?</P> <P>&nbsp;</P> Tue, 16 Dec 2025 13:39:57 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/dns-traffic-outside-of-globalprotect-tunnel/m-p/615948#M6053 Claw4609 2025-12-16T13:39:57Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/dns-traffic-outside-of-globalprotect-tunnel/m-p/615971#M6057 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/145258">@MikeHinz</a>,</P> <P>You would expect to see <EM>some </EM>limited DNS traffic happen outside of the tunnel for things like internal host detection. I'd look at what is actually being sent outside of the tunnel to validate, but you're likely seeing that traffic and it's nothing to worry about. </P> Fri, 01 Nov 2024 20:44:25 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/dns-traffic-outside-of-globalprotect-tunnel/m-p/615971#M6057 BPry 2024-11-01T20:44:25Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/dns-traffic-outside-of-globalprotect-tunnel/m-p/615989#M6062 <P>Check these settings on the App:&nbsp;<A href="https://docs.paloaltonetworks.com/globalprotect/5-2/globalprotect-app-new-features/new-features-released-in-gp-app/split-dns#:~:text=With%20the%20Split%2DTunnel%20Option,in%20addition%20to%20network%20traffic" target="_blank">https://docs.paloaltonetworks.com/globalprotect/5-2/globalprotect-app-new-features/new-features-released-in-gp-app/split-dns#:~:text=With%20the%20Split%2DTunnel%20Option,in%20addition%20to%20network%20traffic</A>.</P> <P>&nbsp;</P> <P>Split tunnel Options and Resolve all FQDNs. If its still leaking out of Physical interface try different GP version.&nbsp;</P> Sat, 02 Nov 2024 05:40:40 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/dns-traffic-outside-of-globalprotect-tunnel/m-p/615989#M6062 arusharma 2024-11-02T05:40:40Z