Global protect split tunnel setup

Reply
L4 Transporter

Global protect split tunnel setup

Hi

 

I have 8.1.5 on the pa and 4.1.11-9 client

 

I have setup the gateway for video traffic exclusion, and selected 

youtube-streaming

netflix-streaming 

 

But a simple test shows utube still come over the tunnel address

 

I want to allow MS Teams to by pass the tunnel, so I goto agent / client setting select my config and split tunnel 

domain and application 

 

but the app runs from 

{userprofile}\AppData\Local\Microsoft\Teams\current\Teams.exe

 

how can i enter that into the config 

L7 Applicator

Re: Global protect split tunnel setup

@Alex_Samad,

You can use the userprofile environmental variable like so:

%userprofile%\AppData\Local\Microsoft\Teams\current\Teams.exe

 

The only thing I can think with the exclusion is that you should add youtube-base and netflix-base and see if that works. I haven't tried including just the streaming app-ids to see how well that works. 

 

 

L4 Transporter

Re: Global protect split tunnel setup

Cool, I will try that with teams. I presume it runs under the current user so the env variable will point to the right place.

 

Now - do I want to include - does that mean by pass the vpn or exclude ??

 

 

 

Yeah , not getting utube to work. watching now and its still in vpn

 

So I turn on video traffic exclude

and selected utube and netflix

but its not working

 

L4 Transporter

Re: Global protect split tunnel setup

So i have found my answer. 

 

You need a license for the video split tunnel .... sigh

L7 Applicator

Re: Global protect split tunnel setup

@Alex_Samad,

That you do; this is not included within the "base" functionality of GlobalProtect included with the device. If I would have to guess I would assume that the "free" version of GlobalProtect will essentially stay at where it is currently, and all the new exciting things will be included in the license. 

L7 Applicator

Re: Global protect split tunnel setup

Hello,

While I understand why you want to do a split tunnel, its not best practice and will fail most major compliance requirements.

 

Regards,

L4 Transporter

Re: Global protect split tunnel setup

Yes understand but, we haved started to use MS teams video chat - and well hair pin turning a video stream 1/2 way around the world is a pain.  So we are looking at allowing just MS teams to have direct access out to just O365 ip's

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!