https://live.paloaltonetworks.com/t5/general-topics/global-protect-excluded-networks/m-p/30852#M22580 <HTML><HEAD></HEAD><BODY><P>@fcellini:</P><P></P><P>Your requirement looks like it is not currently supported by the available GP configuration options. I would suggest talking to your sales team to have them file a feature request for this use case.</P><P></P><P>As a workaround you could defined all networks in the access routes with the exclusion of the 10.150.0.0/24 subnet. This should work as a short term band-aid for your use case.</P><P></P><P>-Benjamin</P></BODY></HTML> Thu, 23 Feb 2012 03:00:16 GMT bpappas 2012-02-23T03:00:16Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-excluded-networks/m-p/30849#M22577 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P></P><P>there is a method on global protect to send all my traffic into the tunnel, but exclude the subnet range of the customer to remain connected with the office network and browse the web protected from office infrastructure, but with the possibility to work on all customer network and not only on the same lan?</P><P></P><P>Thanks.</P></BODY></HTML> Fri, 17 Feb 2012 10:35:15 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-excluded-networks/m-p/30849#M22577 fcellini 2012-02-17T10:35:15Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-excluded-networks/m-p/30850#M22578 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Do you want to remain connectd to the local LAN and have only the traffic intended for the remote office tunneled? If so, you'd want to configure split tunneling on the PAN FW&nbsp; such that the Global Protect Clients access the remote Office LAN via the tunnel and all other traffic (to the Internet and local LAN) via their own ISP and local connection.</P><P></P><P>However, you cannot configure this on the Global Prorect Client itself - Access Routes (split tunneling) are configured on the PAN FW.</P><P></P><P>If your requirement is different from what is explained here, please explain further.</P><P></P><P>Thanks</P></BODY></HTML> Wed, 22 Feb 2012 16:12:01 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-excluded-networks/m-p/30850#M22578 sjamaluddin 2012-02-22T16:12:01Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-excluded-networks/m-p/30851#M22579 <HTML><HEAD></HEAD><BODY><P>Thats not exactly what i said... i want all traffic from my pc when i'm from a customer goes by tunnel to my office, included my internet connection, and exclude from the tunnell only the subnet who i have to the customer. </P><P></P><P>EX all 0.0.0.0/0 Pa-500 to office...(all traffic internet included)</P><P></P><P>10.50.0.0 Network customer excluded from tunnel.</P><P></P><P>So i can reach all that i want inside my customer network without disconnect vpn connection.</P><P></P><P>The vpn split as i see on PA i can specify the network to tunnel but i can't exclude a specific network, but is a things possible on small router with cisco vpn integrated isn't possible on Paloalto FW?</P></BODY></HTML> Wed, 22 Feb 2012 16:26:31 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-excluded-networks/m-p/30851#M22579 fcellini 2012-02-22T16:26:31Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-excluded-networks/m-p/30852#M22580 <HTML><HEAD></HEAD><BODY><P>@fcellini:</P><P></P><P>Your requirement looks like it is not currently supported by the available GP configuration options. I would suggest talking to your sales team to have them file a feature request for this use case.</P><P></P><P>As a workaround you could defined all networks in the access routes with the exclusion of the 10.150.0.0/24 subnet. This should work as a short term band-aid for your use case.</P><P></P><P>-Benjamin</P></BODY></HTML> Thu, 23 Feb 2012 03:00:16 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-excluded-networks/m-p/30852#M22580 bpappas 2012-02-23T03:00:16Z