https://live.paloaltonetworks.com/t5/general-topics/global-protect-policy-enforcement/m-p/322100#M82414 <P>Hi All ,</P><P>&nbsp;</P><P>I have an issue</P><P>&nbsp;</P><P><SPAN>Is there a way to use Global Protect to&nbsp; enforce web or URL&nbsp; filtering policies when users are not on the corporate LAN ?&nbsp; for now, when users work remotely , they bypass all web and&nbsp; URL filtering and security policies and download whatever threats they want.&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>Regards</SPAN></P><P>&nbsp;</P> Fri, 10 Apr 2020 09:33:11 GMT FWPalolearner 2020-04-10T09:33:11Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-policy-enforcement/m-p/322100#M82414 <P>Hi All ,</P><P>&nbsp;</P><P>I have an issue</P><P>&nbsp;</P><P><SPAN>Is there a way to use Global Protect to&nbsp; enforce web or URL&nbsp; filtering policies when users are not on the corporate LAN ?&nbsp; for now, when users work remotely , they bypass all web and&nbsp; URL filtering and security policies and download whatever threats they want.&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>Regards</SPAN></P><P>&nbsp;</P> Fri, 10 Apr 2020 09:33:11 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-policy-enforcement/m-p/322100#M82414 FWPalolearner 2020-04-10T09:33:11Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-policy-enforcement/m-p/322106#M82415 <P>&nbsp;Not sure what you mean, do they not connect back into the corp network via GP when working remotely.</P> Fri, 10 Apr 2020 10:16:33 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-policy-enforcement/m-p/322106#M82415 Mick_Ball 2020-04-10T10:16:33Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-policy-enforcement/m-p/322110#M82416 <P>Yes they connect to GW</P><P>&nbsp;</P><P>But as we are using Split tunneling which allows them to use Local Internet for non corp traffic</P><P>&nbsp;</P><P>We still want to enforce URL access restrictions so that they only access legitimate URLS . but we dont want to disable split tunneling</P><P>&nbsp;</P><P>So is there a way</P> Fri, 10 Apr 2020 10:20:00 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-policy-enforcement/m-p/322110#M82416 FWPalolearner 2020-04-10T10:20:00Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-policy-enforcement/m-p/322111#M82417 <P>no this s is not possible.</P><P>you should perhaps review your split tunnel policies and decide what is acceptable.</P><P>we only allow office365 and other trusted services via split tunnel.</P><P>&nbsp;</P><P>check on your firewall for the heavy usage sites and then decide&nbsp;if they can be &nbsp;excluded from the tunnel....</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 10 Apr 2020 10:27:06 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-policy-enforcement/m-p/322111#M82417 Mick_Ball 2020-04-10T10:27:06Z