Bypass video traffic exclusion

Reply
L1 Bithead

Bypass video traffic exclusion

Hello,

 

We have GP set up and one of the settings include "Exclude video traffic from the tunnel". However, we have come across an issue that private site for developers hosted in 10.0.0.0/8 network includes internally hosted videos (http-video app-id) needed for work. So when user tries to connect to website while connected to GlobalProtect, it times out, because traffic is being pushed through physical network adapter rather than via virtual tunnel and well, 10/8 network isn't helping in this case. 

 

My question is and I really couldn't find the answer anywhere, is there anything that takes precedence before the "Exclude video traffic from the tunnel" option gets evaluated? 

 

One option would be to enable video traffic generally and exclude tens and hundreds of apps and domains that shouldn't be going via GP, but that is not very convenient/efficient. Is there a way how to include just one specific app-id or one specific IP/domain that would bypass this rule and go via GP even though video traffic is present? 

 

In GP GW configuration - Agent - Video traffic, there is no way to include specifics, only to exclude all/specifics. 

When we tried to adjust client settings config in Split Tunnel options and included required network in Access Route under Include, it still did not work as if Video traffic setting was evaluated first and traffic has been pushed via physical link.

 

Any ideas? 

Thanks in advance

Highlighted
L2 Linker

Hi ,

 

Try creating a application override policy where source as GP client ips destination as 10.0.0.0/8 subnets on required ports . So the firewall not process this traffic for app identification . Try and let me know.

 

Thanks,

Ram

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!