https://live.paloaltonetworks.com/t5/general-topics/globalprotect-agent-blocks-dns-requests/m-p/390779#M90724 <P>Does anyone know if they ever fix this?&nbsp; Or shall we rephrase and say it is a "feature request" to unbreak this. Is there a client version that doesn't stop DNS requests.&nbsp; I don't see any mention that the GP clients fakes DNS replies to other servers.</P><P>&nbsp;</P><P>I can understand offering this for security purposes, but let's not keep it secret.</P><P>&nbsp;</P><P>This makes GP client laptops hobbled for network engineers, desktop techs, domain and DNS engineers and many more IT people.&nbsp; For many this is a foolish "feature".&nbsp; It has prevented me from troubleshooting repeatedly.</P><P>&nbsp;</P> Thu, 11 Mar 2021 20:57:19 GMT Royalfr 2021-03-11T20:57:19Z https://live.paloaltonetworks.com/t5/general-topics/globalprotect-agent-blocks-dns-requests/m-p/210047#M61362 <P>I have case open with Palo but was wondering if anyone can verify and get same result as I.</P><P>&nbsp;</P><P>I have 0.0.0.0/0 route towards tunnel.</P><P>I have Primary and Secondary DNS servers configured in GP Gateway (Network Services tab).</P><P>&nbsp;</P><P>When I perform nslookup from Windows command prompt then reply comes only if request is sent towards either Primary or Secondary DNS server in GP config.</P><P>If I change it to anything else then nslookup will fail. Wireshark packet capture taken in Windows shows as DNS reply came from DNS server with result "No such name..."</P><P>&nbsp;</P><P>Now weird thing is that no requests are logged in firewall. So it seems like Windows GP agent itself is acting as filter and decides what DNS requests are good to pass on and what not <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P><P>By the way works fine with MAC client.</P> Fri, 13 Apr 2018 15:47:46 GMT https://live.paloaltonetworks.com/t5/general-topics/globalprotect-agent-blocks-dns-requests/m-p/210047#M61362 Raido_Rattameister 2018-04-13T15:47:46Z https://live.paloaltonetworks.com/t5/general-topics/globalprotect-agent-blocks-dns-requests/m-p/211144#M61602 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/15603">@Raido_Rattameister</a>, Hi.</P><P>I have just had a call logged with our team for the same reason, have you had any luck or progress with this.</P> Fri, 20 Apr 2018 13:43:42 GMT https://live.paloaltonetworks.com/t5/general-topics/globalprotect-agent-blocks-dns-requests/m-p/211144#M61602 Mick_Ball 2018-04-20T13:43:42Z https://live.paloaltonetworks.com/t5/general-topics/globalprotect-agent-blocks-dns-requests/m-p/211147#M61605 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/15603">@Raido_Rattameister</a>,</P><P>For whatever reason I'm remembering a conversation around this that I can't seem to find anymore, and I'm not sure it wasn't during a call/conference. Essentially it was determined that Palo Alto was dropping any DNS requests to anything besides the DNS servers configured in the agent, and that while it was a only Windows thing for the time being it didn't stretch into the macOS client due to limitations in how the OS works.&nbsp;</P><P>I suspect that the response will be that this is expected and is how the agent is supposed to be functioning.&nbsp;</P> Fri, 20 Apr 2018 13:48:12 GMT https://live.paloaltonetworks.com/t5/general-topics/globalprotect-agent-blocks-dns-requests/m-p/211147#M61605 BPry 2018-04-20T13:48:12Z https://live.paloaltonetworks.com/t5/general-topics/globalprotect-agent-blocks-dns-requests/m-p/211148#M61606 <P>OK <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/43480">@BPry</a>, thanks for your reply.</P><P>&nbsp;</P><P>it's not a big deal as using rdp to resolve issue but just wanted to make sure it's not me going nuts!</P><P>&nbsp;</P><P>thanks again.</P> Fri, 20 Apr 2018 13:50:27 GMT https://live.paloaltonetworks.com/t5/general-topics/globalprotect-agent-blocks-dns-requests/m-p/211148#M61606 Mick_Ball 2018-04-20T13:50:27Z https://live.paloaltonetworks.com/t5/general-topics/globalprotect-agent-blocks-dns-requests/m-p/211160#M61614 <P>No solution yet.</P><P>Yesterday had another screen share with Palo TAC.</P><P>Case #00859418</P> Fri, 20 Apr 2018 14:37:05 GMT https://live.paloaltonetworks.com/t5/general-topics/globalprotect-agent-blocks-dns-requests/m-p/211160#M61614 Raido_Rattameister 2018-04-20T14:37:05Z https://live.paloaltonetworks.com/t5/general-topics/globalprotect-agent-blocks-dns-requests/m-p/390779#M90724 <P>Does anyone know if they ever fix this?&nbsp; Or shall we rephrase and say it is a "feature request" to unbreak this. Is there a client version that doesn't stop DNS requests.&nbsp; I don't see any mention that the GP clients fakes DNS replies to other servers.</P><P>&nbsp;</P><P>I can understand offering this for security purposes, but let's not keep it secret.</P><P>&nbsp;</P><P>This makes GP client laptops hobbled for network engineers, desktop techs, domain and DNS engineers and many more IT people.&nbsp; For many this is a foolish "feature".&nbsp; It has prevented me from troubleshooting repeatedly.</P><P>&nbsp;</P> Thu, 11 Mar 2021 20:57:19 GMT https://live.paloaltonetworks.com/t5/general-topics/globalprotect-agent-blocks-dns-requests/m-p/390779#M90724 Royalfr 2021-03-11T20:57:19Z