Nominated Discussion: What Does the “No Direct Access to Local Network” Setting Do?


This article is based on a discussion, What does No Direct access to Local Network actually do and when do we use it??, posted by @Schneur_Feldman and answered by @BPry and @OtakarKlier. Read on to see the discussion and solution!


Can anyone please explain SIMPLY to me what the "No Direct access to Local Network" under GlobalProtect actually does and mostly when are we supposed to use it?



Basically what does it block and when should we enable it? Full tunnel? Split tunnel? Only split tunnel domain?

It restricts outgoing traffic on the local connected subnet. Instead of that traffic exiting through the local physical adapter like you would expect, the traffic is sent through the tunnel and (usually) dropped by the firewall. There are some behavioral considerations when it comes to existing traffic since macOS won't terminate the existing sessions like Windows does.


When you enable this feature really depends on your own configuration/environment requirements. I'd personally recommend enabling it across the board, but I know some environments don't go that far because it breaks local network functions like network printing to someone's home printer.


This feature is to satisfy compliance requirements around 'No Split Tunneling'. It prevents a user from being on VPN and, at the same time, connecting to their local systems on their home network (as an example).


For example: If your home subnet is and your GP subnet is

By enabling "No Direct access to Local Network," you won't be able to access, for example, a printer on the local network while being connected to the VPN.


Essentially you'll be cutting off Local LAN access.
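
The behavior described in the answers above can be checked against a routing model. This is an added example, not code from the discussion or from Palo Alto Networks: it does a longest-prefix match over a route table and reports which local-subnet hosts would still leave through the physical adapter. The subnets, addresses, interface names and the idea that the setting shows up as a missing on-link route are constructed assumptions; the page does not say how the client implements it.

```python
import ipaddress

def egress(routes, dst):
    """Longest-prefix match: return the interface that carries traffic to dst."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def direct_local_access(routes, local_subnet, physical_if, probes):
    """Return the probe addresses inside local_subnet that bypass the tunnel."""
    lan = ipaddress.ip_network(local_subnet)
    return [p for p in probes
            if ipaddress.ip_address(p) in lan and egress(routes, p) == physical_if]

# Constructed sample data (assumptions, not values from the page).
HOME_SUBNET = "192.168.1.0/24"
VPN_GATEWAY = "203.0.113.10"            # outer tunnel endpoint, always via the adapter
PROBES = ["192.168.1.1", "192.168.1.50", "10.20.0.5", "198.51.100.7"]

# Full tunnel, setting disabled: the on-link route for the home subnet is more
# specific than the tunnel default route, so LAN traffic stays local.
ROUTES_SETTING_OFF = [
    ("0.0.0.0/0", "tunnel"),
    (HOME_SUBNET, "eth0"),
    (VPN_GATEWAY + "/32", "eth0"),
]

# Setting enabled (modelled): the on-link route no longer wins, so LAN
# destinations fall through to the tunnel, where the firewall can drop them.
ROUTES_SETTING_ON = [
    ("0.0.0.0/0", "tunnel"),
    (VPN_GATEWAY + "/32", "eth0"),
]

if __name__ == "__main__":
    for name, routes in (("off", ROUTES_SETTING_OFF), ("on", ROUTES_SETTING_ON)):
        leaks = direct_local_access(routes, HOME_SUBNET, "eth0", PROBES)
        print(f"setting {name}: direct LAN access to {leaks or 'nothing'}")
```

On a real endpoint the same check applies to the route table the operating system reports while the VPN is connected: any local-subnet destination that still resolves to the physical adapter is reachable outside the tunnel.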

Last Updated:
‎09-01-2022 09:32 AM