https://live.paloaltonetworks.com/t5/globalprotect-discussions/azure-virtual-desktops-integration-with-global-protect-nightmare/m-p/1237319#M7002 <P>Having an enormously hard time implementing Global Protect on Azure.&nbsp; No matter what happens, after installing and executing Global Protect on Azure virtual desktop, VPN tunnel 100% severs RDP communication to the Azure virtual desktop.</P> <P>&nbsp;</P> <P>Had Palo Alto check routing and network and it appears to be sound.&nbsp; Recommendations were: 1) Network =&gt;Global Protect =&gt;Gateways =&gt; Authentication (Allow authentication with&nbsp; User credentials or client certificate) changed to Yes (User Credentials or Client certificate required) 2) Network =&gt; global Protect =&gt; Portals =&gt; Agent =&gt; Agent config =&gt; Pre-Logon Tunnel Rename Timeout (sec) (Windows Only) changed to -1, and 3) Network =&gt; Global Protect =&gt; Gateways =&gt; Agent =&gt; Client Settings =&gt; Config =&gt; Split Tunnel entered the /24 subnet of the client&nbsp; &nbsp;workstation&nbsp; inorder to&nbsp; RDP to the Azure Virtual desktop in the &lt;EXCLUDE&gt;&nbsp; section.&nbsp; &nbsp;&nbsp;</P> <P>So, far all recommendations are not appearing to work and everytime the tunnel is executed by excluding the /24 subnet that the client workstation is trying to RDP to Azure Virtual desktop, the tunnel but kills the RDP connection.&nbsp; Only way to recover Azure Virtual Desktop is to totally destroy the Virtual Desktop and recreate it.&nbsp; In addition, instead of putting the subnet of where the workstation RDP'ing to the Azure Virtual Desktop, also tried to use 0.0.0.0/0 default gateway as another alternative in the &lt;EXCLUDE&gt; section to no avail.</P> <P>&nbsp;</P> <P>Any advice and or recommendations would be enormously appreciated!!!!!!</P> <P>&nbsp;</P> <P>Regards,&nbsp;&nbsp;</P> Fri, 05 Sep 2025 02:29:42 GMT wechang 2025-09-05T02:29:42Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/azure-virtual-desktops-integration-with-global-protect-nightmare/m-p/1237319#M7002 <P>Having an enormously hard time implementing Global Protect on Azure.&nbsp; No matter what happens, after installing and executing Global Protect on Azure virtual desktop, VPN tunnel 100% severs RDP communication to the Azure virtual desktop.</P> <P>&nbsp;</P> <P>Had Palo Alto check routing and network and it appears to be sound.&nbsp; Recommendations were: 1) Network =&gt;Global Protect =&gt;Gateways =&gt; Authentication (Allow authentication with&nbsp; User credentials or client certificate) changed to Yes (User Credentials or Client certificate required) 2) Network =&gt; global Protect =&gt; Portals =&gt; Agent =&gt; Agent config =&gt; Pre-Logon Tunnel Rename Timeout (sec) (Windows Only) changed to -1, and 3) Network =&gt; Global Protect =&gt; Gateways =&gt; Agent =&gt; Client Settings =&gt; Config =&gt; Split Tunnel entered the /24 subnet of the client&nbsp; &nbsp;workstation&nbsp; inorder to&nbsp; RDP to the Azure Virtual desktop in the &lt;EXCLUDE&gt;&nbsp; section.&nbsp; &nbsp;&nbsp;</P> <P>So, far all recommendations are not appearing to work and everytime the tunnel is executed by excluding the /24 subnet that the client workstation is trying to RDP to Azure Virtual desktop, the tunnel but kills the RDP connection.&nbsp; Only way to recover Azure Virtual Desktop is to totally destroy the Virtual Desktop and recreate it.&nbsp; In addition, instead of putting the subnet of where the workstation RDP'ing to the Azure Virtual Desktop, also tried to use 0.0.0.0/0 default gateway as another alternative in the &lt;EXCLUDE&gt; section to no avail.</P> <P>&nbsp;</P> <P>Any advice and or recommendations would be enormously appreciated!!!!!!</P> <P>&nbsp;</P> <P>Regards,&nbsp;&nbsp;</P> Fri, 05 Sep 2025 02:29:42 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/azure-virtual-desktops-integration-with-global-protect-nightmare/m-p/1237319#M7002 wechang 2025-09-05T02:29:42Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/azure-virtual-desktops-integration-with-global-protect-nightmare/m-p/1237420#M7005 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/146535">@wechang</a>,</P> <P>Can you detail a little bit more what the traffic flow actually looks like? If I understand things properly:</P> <UL> <LI>You're installing GlobalProtect as an agent on the Azure VDI machines.</LI> <LI>You have another client machine that is&nbsp;<EM>already&nbsp;</EM>using GlobalProtect to the same portal/gateway?</LI> <LI>When you attempt to RDP to the Azure VDI machine (which is connected to GlobalProtect) from a client machine (which is connected to GlobalProtect) you cannot form a VPN session?</LI> </UL> <P>&nbsp;</P> <P>I don't have experience using Azure Virtual Desktop, but just looking at the configuration briefly it looks like your actual session hosts are placed on a traditional VNet. Is there a reason that you aren't just using a tunnel on either a VM-series or a simple VPN Gateway?&nbsp;</P> Fri, 05 Sep 2025 20:37:54 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/azure-virtual-desktops-integration-with-global-protect-nightmare/m-p/1237420#M7005 BPry 2025-09-05T20:37:54Z