https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-to-specified-hosts-networks-when-enforce/m-p/345843#M86399 <P>Hi,</P><P>&nbsp;</P><P>I want to use the feature&nbsp;<STRONG>Enforce GlobalProtect for Network Access.&nbsp;</STRONG></P><P>&nbsp;</P><P><SPAN>Outside the company, users must use Global Protect to network access, but when users are on the company site, they should be able to access the local company network. </SPAN></P><P><SPAN>For that I use the parameter "Allow traffic to specified hosts/networks when Enforce GlobalProtect Connection for Network Access is enabled and GlobalProtect Connection is not established" with my specific local network address. its works.</SPAN></P><P>&nbsp;</P><P><SPAN>But the local company network also allows internet access for users, but this remains blocked because only the local network is authorized in exclusion.&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>Is this possible to fix this way ?</SPAN></P><P>&nbsp;</P><P><SPAN>Thanks for your help</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Fri, 28 Aug 2020 12:28:33 GMT fd9999 2020-08-28T12:28:33Z https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-to-specified-hosts-networks-when-enforce/m-p/345843#M86399 <P>Hi,</P><P>&nbsp;</P><P>I want to use the feature&nbsp;<STRONG>Enforce GlobalProtect for Network Access.&nbsp;</STRONG></P><P>&nbsp;</P><P><SPAN>Outside the company, users must use Global Protect to network access, but when users are on the company site, they should be able to access the local company network. </SPAN></P><P><SPAN>For that I use the parameter "Allow traffic to specified hosts/networks when Enforce GlobalProtect Connection for Network Access is enabled and GlobalProtect Connection is not established" with my specific local network address. its works.</SPAN></P><P>&nbsp;</P><P><SPAN>But the local company network also allows internet access for users, but this remains blocked because only the local network is authorized in exclusion.&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>Is this possible to fix this way ?</SPAN></P><P>&nbsp;</P><P><SPAN>Thanks for your help</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Fri, 28 Aug 2020 12:28:33 GMT https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-to-specified-hosts-networks-when-enforce/m-p/345843#M86399 fd9999 2020-08-28T12:28:33Z https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-to-specified-hosts-networks-when-enforce/m-p/345897#M86412 <P>Hello,</P> <P>When the users are on the company network, are they are required to VPN in also? I would start with the Logs to see why the traffic is getting blocked. Might need additional policies.</P> <P>&nbsp;</P> <P>Regards,</P> Fri, 28 Aug 2020 20:53:30 GMT https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-to-specified-hosts-networks-when-enforce/m-p/345897#M86412 OtakarKlier 2020-08-28T20:53:30Z https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-to-specified-hosts-networks-when-enforce/m-p/346107#M86451 <P>HI&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/153554">@fd9999</a>&nbsp;</P><P>&nbsp;</P><P>The best solution will be to create an internal gateway , so the GP agent can connect to internal gateway and users will get internet through the firewall.&nbsp;</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClH1CAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClH1CAK</A></P><P>&nbsp;</P><P>Thanks,</P><P>Ram</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 31 Aug 2020 20:42:03 GMT https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-to-specified-hosts-networks-when-enforce/m-p/346107#M86451 RamprakashRT 2020-08-31T20:42:03Z https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-to-specified-hosts-networks-when-enforce/m-p/346236#M86483 <P>No, on the company network, users shouldn't use GP. They have local network access and internet throught firewall.&nbsp;</P><P>When GP is disconnected, traffic is getting blocked by GP restriction, so i can only use my local network (cause i declared my network in exclusion)</P> Tue, 01 Sep 2020 12:10:19 GMT https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-to-specified-hosts-networks-when-enforce/m-p/346236#M86483 fd9999 2020-09-01T12:10:19Z https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-to-specified-hosts-networks-when-enforce/m-p/346240#M86485 <P>We would like to use VPN only outside the company.</P> Tue, 01 Sep 2020 12:20:24 GMT https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-to-specified-hosts-networks-when-enforce/m-p/346240#M86485 fd9999 2020-09-01T12:20:24Z