https://live.paloaltonetworks.com/t5/globalprotect-discussions/traffic-not-following-the-route/m-p/389660#M995 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/156069">@Pawel_G</a>&nbsp;group mapping is not controlled through the User-ID agent, so losing connection can't impact group mapping</P><P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/83320">@JoergSchuetter</a>&nbsp;have you tried reinstalling+upgrading to 5.1.8 the GP agent on one of the affected devices? I've seen something similar both with a bug in the GP agent, and an install that somehow failed to properly bind the gp virtual interface</P> Mon, 08 Mar 2021 06:43:27 GMT reaper 2021-03-08T06:43:27Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/traffic-not-following-the-route/m-p/389379#M989 <P>Hello</P><P>&nbsp;</P><P>We have set split tunnel for our Win10 clients, GP is version 5.1.6 and 5.2.5. PAN-OS is 9.1.7.</P><P>- default route to firewall</P><P>- bypass tunnel for some network ranges (e.g. MS-Teams)</P><P>- bypass tunnel for some URLs (e.g. MS-Teams)</P><P>- enable DNS-Split</P><P>&nbsp;</P><P>For a small fractions of the users I see the MS-Teams traffic sent back to the firewall (expected was it is bypassing the tunnel).</P><P>The routing table on the client looks correct. Based on the routes the traffic should never be sent via the tunnel.</P><P>We tried to remedy a potential issue with the network interface with "netsh int ip reset" as administrator, same result.</P><P>&nbsp;</P><P>Any idea what could cause such a strange behavior?</P> Fri, 05 Mar 2021 14:27:57 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/traffic-not-following-the-route/m-p/389379#M989 JoergSchuetter 2021-03-05T14:27:57Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/traffic-not-following-the-route/m-p/389442#M990 <P>Hello,</P><P>&nbsp;</P><P>I would recommend to you to take logs from the Global Protect Client at the time when user is trying to connect to Teams.</P><P>I would also collect logs from FW from user IP to see what is destination of Teams Server that user is trying to connect. Microsoft is adding IP ranges all the time for different servers around the world. How many Agents Portals, Gateways did you create?</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 05 Mar 2021 16:57:07 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/traffic-not-following-the-route/m-p/389442#M990 Pawel_G 2021-03-05T16:57:07Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/traffic-not-following-the-route/m-p/389559#M993 <P>Hello <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/156069">@Pawel_G</a>&nbsp;</P><P>Unfortunately there is nothing in the logs which raises my attention.</P><P>The traffic seen on the firewal is sent to an IP address which is covered by split tunnel.</P> Sat, 06 Mar 2021 19:21:38 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/traffic-not-following-the-route/m-p/389559#M993 JoergSchuetter 2021-03-06T19:21:38Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/traffic-not-following-the-route/m-p/389649#M994 <P>Hello Joerg,</P><P>&nbsp;</P><P>I would also check your User ID Agent for logs. Sometimes when User ID loose connection to Agent, GP will not pickup Group that you specify.</P><P>Also I would&nbsp; collect packet captures.</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 08 Mar 2021 04:59:47 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/traffic-not-following-the-route/m-p/389649#M994 Pawel_G 2021-03-08T04:59:47Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/traffic-not-following-the-route/m-p/389660#M995 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/156069">@Pawel_G</a>&nbsp;group mapping is not controlled through the User-ID agent, so losing connection can't impact group mapping</P><P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/83320">@JoergSchuetter</a>&nbsp;have you tried reinstalling+upgrading to 5.1.8 the GP agent on one of the affected devices? I've seen something similar both with a bug in the GP agent, and an install that somehow failed to properly bind the gp virtual interface</P> Mon, 08 Mar 2021 06:43:27 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/traffic-not-following-the-route/m-p/389660#M995 reaper 2021-03-08T06:43:27Z