This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Enable split tunnel for Zoom

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Enable split tunnel for Zoom

Yusuf_PA
L1 Bithead

‎07-19-2020 02:40 AM

Hi

 

We are planning to exclude all zoom traffic from Global protect VPN and currently we are using 4.1.5 GP agent version.

 

I have gone through the zoom documentation and created EDL but not getting option to exclude the EDL (external dynamic list ) in split tunnel >access route >Exclude  , Kindly suggest to enable split tunnel for Zoom traffic.

 

https://support.zoom.us/hc/en-us/articles/201362683-Network-firewall-or-proxy-server-settings-for-Zo....

EDL

Zoom

https://assets.zoom.us/docs/ipranges/Zoom.txt

Zoom meetings

https://assets.zoom.us/docs/ipranges/ZoomMeetings.txt

Zoom Cloud Room Connector

https://assets.zoom.us/docs/ipranges/ZoomCRC.txt

Zoom Phone

https://assets.zoom.us/docs/ipranges/ZoomPhone.txt

0 Likes Likes
3 REPLIES 3

vsys_remo
Cyber Elite
Cyber Elite

‎07-19-2020 03:17 PM

Hi @Yusuf_PA 

First I wantdd to mention that globalprotect 4.1 already reached it' end of life date quite a while ago (Jabuary 2019): https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary

You should consider an update to 5.1.

 

Not back to your question. Excluding networks in globalprotect is not possible with an EDL. You need to manually add the networks/IPs one by one or you could build an automation that fetches the IPs from the zoom URLs and configures them via API. If you need a better way to solve your problem, you should take a look into the options you have with a globalprotect subscription:

  • Include/exclude traffic based on DNS domains
  • Include/exclude traffic based on client application

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/globalprotect/network-globalp...

Stribnet
L0 Member

‎08-11-2021 08:46 PM

The question that I was looking for, but not the answer I desired to see. PAN should consider adding this feature, as both domain and app path based split tunnel is not working ideally for the Zoom app.

0 Likes Likes

vsys_remo
Cyber Elite
Cyber Elite
In response to Stribnet

‎08-11-2021 10:21 PM

@Stribnet you could ask your SE about that to have a feature request created. Maybe there is already one, so you could add your vote to it.

... or as this is not working properly, you could create a TAC case to hopefully find the reason why the existing features aren't working with zoom.

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks