Exclude all Zoom traffic from GlobalProtect VPN

L1 Bithead

Hi @Sai_Tumuluri 

Please find attached screenshots of the config.

(attachments: Screen Shot 2020-03-24 at 2.20.06 PM.png, Screen Shot 2020-03-24 at 2.21.03 PM.png)

L4 Transporter

The simple trick I use is the following:

Method 1

  1. Go to URL logs and filter the traffic of interest
  2. The domain in the URL logs is the domain I would recommend matching.

Method 2

Wireshark capture
Following is the screenshot I saw for YouTube; try adding a regex around YouTube.

(attachment: youtube.png)


~ Sai Srivastava Tumuluri ~
L1 Bithead

Hi,

Same issue here, GP version 5.1.1-12.

Have added both the Program Files and AppData paths to the exclude client apps, but UDP 8801 is still traversing the VPN. Also, if I add *.zoom.us to the exclude domains and open a web browser, the site errors as below. Take it out and good to go again.

Any ideas?

(attachments: gone.jpg, gp client.PNG)

L3 Networker

Hello Everyone,

I have tested this on 5.0.8 and 5.1.1 and got a successful result.

When tested, I closed the Zoom app before connecting to the Prisma Access VPN; upon connecting, I opened the Zoom client and joined a meeting.

Here is an example of the "netstat -anob" output from my Windows machine:

(attachment: Screen Shot 2020-03-27 at 4.00.55 PM.png)

10.10.11.3 is my Prisma Access GP IP and 10.55.80.54 is my local (physical interface) IP.

This is what my configuration looks like:

(attachment: Screen Shot 2020-03-27 at 3.25.14 PM.png)

I also tried adding 0.0.0.0 on the include list, and the result was the same.

(attachment: Screen Shot 2020-03-27 at 3.25.07 PM.png)

If you are still having issues, please open a TAC case and a member of our team will be more than happy to assist in troubleshooting this issue.

L4 Transporter

Everyone,

Can you start a Zoom meeting with screen sharing and video ON? Add at least 2 people with video.

While on the meeting, run: netstat -aenob

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClQjCAK

Also, for IPs in the traffic logs, enable host lookup by checking the box at the bottom (Resolve hostname) and share the screenshot again. The above link will help.

========================

You can open a TAC case with the above information, or update it here.


~ Sai Srivastava Tumuluri ~
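
The "netstat -anob" check from the two posts above (is each Zoom socket bound to the tunnel IP 10.10.11.3 or the physical IP 10.55.80.54?) is easy to get wrong by eye once Zoom has a dozen sockets open. The following Python script is an added example, not code from this thread or from Palo Alto Networks. It parses a constructed sample of Windows netstat output; the two addresses and the process name Zoom.exe are assumptions taken from the posts above, so replace them with your own values.

```python
"""Check which local address a process's sockets use, from `netstat -anob`.

Added example for this thread (not code from the original posts or from
Palo Alto Networks).  The sample netstat output is constructed; the two
addresses are assumptions that follow the earlier post: 10.10.11.3 is the
GlobalProtect tunnel IP and 10.55.80.54 is the physical interface IP.
A Zoom socket bound to the tunnel IP means the exclusion is not taking effect.
"""
import re
import sys

TUNNEL_IP = "10.10.11.3"     # assumed GlobalProtect virtual adapter address
PHYSICAL_IP = "10.55.80.54"  # assumed physical NIC address

# Constructed sample of `netstat -anob` output.  Windows prints the owning
# image name in square brackets on the line after each socket.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    10.10.11.3:50123       3.125.86.104:443       ESTABLISHED     4321
 [Zoom.exe]
  TCP    10.55.80.54:50124      52.211.174.178:443     ESTABLISHED     4321
 [Zoom.exe]
  UDP    10.55.80.54:55000      *:*                                    4321
 [Zoom.exe]
  TCP    10.10.11.3:50200       10.20.0.5:443          ESTABLISHED     2222
 [OUTLOOK.EXE]
  UDP    0.0.0.0:500            *:*                                    1112
 [svchost.exe]
"""

# proto, local ip:port, foreign ip:port, optional TCP state, PID
SOCKET_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+|\*)\s+(\S+):(\d+|\*)(?:\s+([A-Z_]+))?\s+(\d+)\s*$"
)
OWNER_RE = re.compile(r"^\s*\[(.+)\]\s*$")


def parse_netstat(text):
    """Return one dict per socket line, with the owning image name attached."""
    sockets = []
    pending = None  # most recent socket still waiting for its [image] line
    for line in text.splitlines():
        m = SOCKET_RE.match(line)
        if m:
            proto, lip, lport, rip, rport, state, pid = m.groups()
            pending = {"proto": proto, "local_ip": lip, "local_port": lport,
                       "remote": f"{rip}:{rport}", "state": state,
                       "pid": int(pid), "image": None}
            sockets.append(pending)
            continue
        m = OWNER_RE.match(line)
        if m and pending is not None:
            pending["image"] = m.group(1)
            pending = None
    return sockets


def classify_process(sockets, image, tunnel_ip=TUNNEL_IP, physical_ip=PHYSICAL_IP):
    """Count the named process's sockets by the local address they are bound to."""
    counts = {"tunnel": 0, "physical": 0, "other": 0}
    for s in sockets:
        if (s["image"] or "").lower() != image.lower():
            continue
        if s["local_ip"] == tunnel_ip:
            counts["tunnel"] += 1
        elif s["local_ip"] == physical_ip:
            counts["physical"] += 1
        else:
            counts["other"] += 1  # wildcard (0.0.0.0) or IPv6 binds: inconclusive
    return counts


def exclusion_effective(sockets, image, **addrs):
    """True only if the process has sockets on the physical NIC and none on the tunnel."""
    c = classify_process(sockets, image, **addrs)
    return c["tunnel"] == 0 and c["physical"] > 0


def tunnel_sockets(sockets, image, tunnel_ip=TUNNEL_IP):
    """The offending sockets: ones the exclusion should have kept off the tunnel."""
    return [s for s in sockets
            if (s["image"] or "").lower() == image.lower() and s["local_ip"] == tunnel_ip]


if __name__ == "__main__":
    # Usage: python check_split.py netstat.txt   (defaults to the constructed sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NETSTAT
    socks = parse_netstat(text)
    print("Zoom.exe:", classify_process(socks, "Zoom.exe"))
    for s in tunnel_sockets(socks, "Zoom.exe"):
        print(f"  still on tunnel: {s['proto']} {s['local_ip']}:{s['local_port']} -> {s['remote']}")
    print("exclusion effective:", exclusion_effective(socks, "Zoom.exe"))
```

Capture the output while the meeting is running (netstat -b needs an elevated prompt on Windows) with "netstat -anob > netstat.txt" and pass the file to the script. The exclusion counts as working only when Zoom has sockets on the physical interface and none on the tunnel address; wildcard binds such as 0.0.0.0 are reported separately because they do not show which interface the traffic will actually leave on.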
L2 Linker

Did some more tests and I can see that all traffic going through the tunnel is:

( addr.dst in 3.125.86.104 )
( addr.dst in 34.250.58.96 )
( addr.dst in 3.248.169.175 )
( addr.dst in 3.11.161.246 )
( addr.dst in 3.127.185.62 )
( addr.dst in 52.211.174.178 )

The screenshots you were asking for: most of them resolve as the amazonaws.com domain, but some others resolve as the zoom.us domain too:

(attachments: logs1.png, logs2.png)

L2 Linker

I am trying to set up splitting Zoom traffic via the physical adapter following the link. All traffic goes through the tunnel except Zoom.

I am not able to get it to work without adding a route in the excluded access route. We have a Gateway subscription license but not a Portal license.

Just want to confirm: if we follow the following link (it does not mention adding a route in the excluded tab), the link says it needs a GlobalProtect license. Is it the Portal license or just the Gateway subscription license?

Thank you

https://live.paloaltonetworks.com/t5/Prisma-Access-Articles/GlobalProtect-Implement-Split-Domain-and...

L3 Networker

Hi Daniel Li,

You need a GlobalProtect subscription for the following feature:

Split tunneling based on destination domain, client process, and video streaming application.

https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/globalprotect-overview/about...

Excluding routes does not require an additional license.

L2 Linker

Thank you SuperMario for the reply.

I have installed a 90-day trial of the GlobalProtect gateway. Is that enough? It does not work after following the link. tracert zoom.us on Windows 10 shows it going through the tunnel interface, not the physical one (restarted the GP service a few times, no access route configured). I use GP 5.1 for the Windows client. Any suggestion is appreciated.

The configuration used is in the link:

https://live.paloaltonetworks.com/t5/Prisma-Access-Articles/GlobalProtect-Implement-Split-Domain-and...

(attachment: Gplicense.JPG)

L2 Linker

Hi Sai

I installed a 90-day trial of the GlobalProtect gateway. Is that enough? It does not work after following the link. tracert zoom.us on Windows 10 shows it going through the tunnel interface, not the physical one (restarted the GP service a few times, no access route configured). I use GP 5.1 for the Windows client. If I add a route in the excluded access route, it works, but the zoom.us IP changes sometimes. Any suggestion is appreciated.

The configuration used is in the link:

https://live.paloaltonetworks.com/t5/Prisma-Access-Articles/GlobalProtect-Implement-Split-Domain-and...

(attachment: Gplicense.JPG)