DNS Resolution

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

DNS Resolution

L4 Transporter
Is there any way to segregate the traffic of DNS server through global protect.
 
example:-  I have allowed some traffic through the split tunnel and i configured internal DNS server.
scenerio:-
I connect through the global protect when i do nslookup from my system my all query will resolve by internal DNS server, However i want to segregate traffic only split tunnel traffic should be resolved by internal DNS server. Rest of the traffic should be resolved by external(8.8.8.8).Please advice 
 
7 REPLIES 7

Cyber Elite
Cyber Elite

Under Gateway 

 

agent , client settings then click on split tunnel

You will see Tab on left hand side Access routes 

 

below that you see include and exclude

What ever traffic you want to exclude will use your ISP DNS server rest of traffic will use your Company DNS server.

 

 

MP

Help the community: Like helpful comments and mark solutions.

thank for your reply

 

iam using the split tunnel to allow such traffic which passing through global protect .Rest of traffic will automatically exclude by paloalto. if iam not add any thing in exclude column or it's mandatory  to add such network(Public network) to exclude and don't resolve the internal dns. please suggest

Yes for split tunnel to work you need to exclude  network  what you want .

MP

Help the community: Like helpful comments and mark solutions.

if i want to exclude the other traffic so it's will resolve my private DNS or public DNS. Because when i try to do  nslookup it will still show my private dns and also seen in wireshark it's resolve my private dns for every query.

Yes Traffic that is excluded will use your Private or Home ISP DNS or Google DNS which ever you have.

 

MP

Help the community: Like helpful comments and mark solutions.

i have excluded the public network but still my  private DNS is resolved.  

When you say I exclude the public network  which subnet's you put in exclude network?

Then when you access those subnet's it will not go via the Global protect.

It will use user Home network DNS to resolve the websites.

MP

Help the community: Like helpful comments and mark solutions.
  • 3413 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!