GlobalProtect Gateway DNS Settings Ignored on iOS Devices

Created On 09/26/18 13:48 PM - Last Modified 06/13/23 02:09 AM




Issue

Primary and secondary DNS servers are configured on the GlobalProtect gateway. However, iOS devices running the Palo Alto Networks GlobalProtect client do not seem to use those DNS servers for name resolution when connected to the gateway.

Resolution

This is a known limitation with iOS devices when using split tunneling. There are two workarounds for this issue:

  • Disable split tunneling by setting the access route to 0.0.0.0/0 in the GlobalProtect Gateway settings.
  • The other option is to configure a DNS suffix for the zones that should be resolved by the DNS servers configured in GlobalProtect Portal. This forces the iOS device to use the GlobalProtect-issued DNS server for the zones/domains defined in the suffix. All other queries will use the locally configured DNS settings.
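The following added example (not from the original article or from Palo Alto Networks) models the second workaround so you can check which internal hostnames would still go to the locally configured DNS server for a given suffix list. It assumes suffixes match on whole DNS labels; the suffixes, hostnames, and function names are constructed for illustration.

```python
# Added illustration: models the split-DNS behaviour described above.
# Suffixes, hostnames and resolver labels are constructed sample values.
# Assumption: a suffix matches on whole DNS labels, case-insensitively.

def normalize(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def matches_suffix(qname: str, suffix: str) -> bool:
    """True if qname equals the suffix or is a subdomain of it."""
    q, s = normalize(qname), normalize(suffix).lstrip(".")
    return bool(s) and (q == s or q.endswith("." + s))

def resolver_for(qname: str, vpn_suffixes: list[str]) -> str:
    """Return 'vpn' when the name falls under a configured suffix, else 'local'."""
    return "vpn" if any(matches_suffix(qname, s) for s in vpn_suffixes) else "local"

def leaked_names(internal_names: list[str], vpn_suffixes: list[str]) -> list[str]:
    """Internal names that would be sent to the locally configured DNS server."""
    return [n for n in internal_names if resolver_for(n, vpn_suffixes) == "local"]

# Constructed sample data
VPN_SUFFIXES = ["corp.example.com", "lab.example.net."]
INTERNAL_NAMES = [
    "wiki.corp.example.com",
    "CORP.example.com.",
    "git.lab.example.net",
    "hr.example.org",        # internal zone with no suffix configured
    "notcorp.example.com",   # shares trailing text, but not on a label boundary
]

if __name__ == "__main__":
    for name in INTERNAL_NAMES:
        print(f"{name:28} -> {resolver_for(name, VPN_SUFFIXES)}")
    print("sent to local DNS:", leaked_names(INTERNAL_NAMES, VPN_SUFFIXES))
```

Any name reported as sent to local DNS is an internal zone missing from the suffix list; its queries would be visible to whatever resolver the device's current network provides.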

owner: jteetsel


