DNS Resolution

L3 Networker

DNS Resolution

Is there any way to segregate the traffic of the DNS server through GlobalProtect?

Example: I have allowed some traffic through the split tunnel and I configured an internal DNS server.

Scenario: I connect through GlobalProtect. When I do nslookup from my system, all my queries are resolved by the internal DNS server. However, I want to segregate the traffic: only split tunnel traffic should be resolved by the internal DNS server. The rest of the traffic should be resolved by external (8.8.8.8). Please advise.
 
Cyber Elite

Re: DNS Resolution

Under Gateway, Agent, Client Settings, click on Split Tunnel.

You will see the Access Routes tab on the left-hand side.

Below that you will see Include and Exclude.

Whatever traffic you want to exclude will use your ISP DNS server; the rest of the traffic will use your company DNS server.

MP
L3 Networker

Re: DNS Resolution

Thanks for your reply.

I am using the split tunnel to allow the traffic which passes through GlobalProtect. The rest of the traffic will automatically be excluded by Palo Alto if I do not add anything in the exclude column, or is it mandatory to add such networks (public networks) to the exclude list so they do not resolve through the internal DNS? Please suggest.

Cyber Elite

Re: DNS Resolution

Yes, for split tunnel to work you need to exclude the networks you want.

MP
L3 Networker

Re: DNS Resolution

If I want to exclude the other traffic, will it resolve through my private DNS or public DNS? Because when I try to do nslookup it still shows my private DNS, and I have also seen in Wireshark that it resolves through my private DNS for every query.

Cyber Elite

Re: DNS Resolution

Yes, traffic that is excluded will use your private or home ISP DNS or Google DNS, whichever you have.

MP
L3 Networker

Re: DNS Resolution

I have excluded the public network, but queries are still resolved by my private DNS.

Cyber Elite

Re: DNS Resolution

When you say you excluded the public network, which subnets did you put in the exclude network?

Then when you access those subnets, it will not go via GlobalProtect.

It will use the user's home network DNS to resolve the websites.

MP