topic Re: Split tunnel is not working for Linux/IOS devices in General Topics

Split tunnel is not working for Linux/IOS devices

BigPalo — Tue, 07 Oct 2025 09:10:30 GMT

Hi,

I have a VPN-SSL GP in a FW PA. I have some "Acess routes" in include for LAN ranges (10.0.0.0/8 and 192.168.x.x) and the rest should go through ISP local user.

The issue is that I'm seeing traffic destined for the internet that shouldn't be reaching the FW via the VPN.

Goiing to agent logs i can see all routes in Linux client as OK. Default route is its ISP.

Is there any limitation in GP default route for non Windows device?

Re: Split tunnel is not working for Linux/IOS devices

JayGolf — Tue, 07 Oct 2025 13:57:42 GMT

Hi @BigPalo ,

Which GlobalProtect client version are you running? There have been documented issues in older GP client versions where split tunneling didn’t function as expected, causing some internet-bound traffic to route through the VPN despite proper configuration.

I’d recommend updating to a more recent preferred GP client version and testing again from there.

Also, do you happen to connect to multiple different portals? I’ve seen cases where the issue ended up being agent-related. I had to connect to a completely different portal/gateway, disconnect, and then reconnect to the correct one. Spent an hour digging through configs before realizing that was the culprit. I was supporting multiple sensitive environments so upgrades with anything weren't supported as easily.

Re: Split tunnel is not working for Linux/IOS devices

BigPalo — Wed, 08 Oct 2025 09:46:42 GMT

GP client version is 6.2.8. I think that coud be a limitation in non-windows devices to add the default route or something like this.

The users only use one portal.

Re: Split tunnel is not working for Linux/IOS devices

BPry — Thu, 09 Oct 2025 00:58:06 GMT

@BigPalo,

Did you follow the recommendation that @reaper gave you in your last post regarding this? Anything that isn't macOS or Windows handles this differently and implementing split DNS is going to actually allow this to function properly.

Re: Split tunnel is not working for Linux/IOS devices

BigPalo — Thu, 09 Oct 2025 07:24:59 GMT

But my issue is related to browser traffic http/https to INTERNET. DNS for GP users is internal DNS customer, but then the request to web server should take ISP local I dont understand why split DNS applies to me.

thanks

Re: Split tunnel is not working for Linux/IOS devices

D.Shanmugam906589 — Thu, 09 Oct 2025 10:09:56 GMT

GlobalProtect now extends Split DNS-Include functionality to iOS platforms in addition to Linux, Windows, and macOS.

Split-DNS -Exclude functionality is not supported on iOS platforms.

Configure Split DNS for GlobalProtect App on iOS Endpoints

Re: Split tunnel is not working for Linux/IOS devices

BigPalo — Thu, 09 Oct 2025 13:12:37 GMT

Sorry but i dont understand that config. This issue is happening in IOS and LINUX (UBUNTU). Not only IoS.

We dont have any domain and application in the tunnel. Just some internal access routes include for LAN CUSTOMER RANGES. All the rest should go by local user ISP.

DNS in GP config are the internal but when the domain is solved, the HTTP/HTTPS sessions shoud take ISP not GP. Thats the point. Why this is not working.

route 0.0.0.0/0 by local ISP in GP is installed, i can see in GPagent logs. But INTERNET traffic is still going to GP