GlobalProtect WFH Split Tunnel Domain-Include issue


L1 Bithead

This semi-coincides with the Zoom discussion.

I've set up split tunnel and added a bunch of domains (*.whatever.com) into the split tunnel include domain tab. This works half the time and the other half not at all. I've tested on Mac and Windows.

I'm also seeing Zoom traffic across my VPN tunnel even though I have excluded the domain names and Zoom app in my exclude list.


My only resolution is to add the IP addresses to the include or exclude list, which solves the issue. But I'm sure many of you are aware that with AWS and CloudFront that is a big chunk of the internet if you are trying to access specific hostnames that are supposed to be coming from your corporate IP address.

 

At this point the domain include/exclude and application include or exclude is not trustworthy.

 

After 3 days PA still doesn't know why it's happening. So I'm bringing it to the forums to see if anyone here has any ideas or workarounds that I haven't thought of.

8 REPLIES 8

In my case, I can't see any traffic log for the included domain on the PAN.

 

All traffic goes through home internet, not the IPsec tunnel.

 

Does any configuration need to be added on the end user PC? Mine is Windows 10 and the GP client is 5.1.1-12.

I didn't make any changes to my client machines.
I did make the hard but necessary decision to start using the IP route includes and excludes as opposed to depending upon the domain-include and application include or exclude. Because of the GlobalProtect driver, which can pick and choose whenever it wants to function, I think traditional networking may make more sense at the end of the day. I also have IPv6 turned off, just for your information.

 

 

Hi,

 

I see the same issue. I configured split for the Zoom app using the domain and apps tabs. I can see traffic on port 8801 reaching the tunnel. Any way to split this port 8801 traffic?

L1 Bithead

Did you find any solution for this? We also have the problem that UDP 8801 traffic from the Zoom client goes over the tunnel although application path and domains are excluded.
