I have set up a GlobalProtect gateway in Panorama (software version 220.127.116.11) and configured it for split tunnel, however the configuration is not applying to the firewall (PA850 - software version 8.1.6)
When a commit is attempted, you will get messages about success, warnings, or failures.
Right now, we do not know any of this information.
Please attempt to push your configuration from the Panorama, but be logged into the FW that is not working.
At lower right corner, open tasks, and watch as config from Panorama is being pushed to FW.
Copy any error/warning messages.
Let us know if you do not see these messages, which would mean that Panorama is not speaking to FW.
We have seen the very same issue on quite a few of our customers.
The big issue is not that the split tunnel config is not pushed, but actually the Panorama pushes a blank split tunnel config to the firewall.
This causes quite a few issues if the policy set does not allow internet access from the GlobalProtect zone.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!