Global Protect - exclude video traffic not working

Reply
L0 Member

Global Protect - exclude video traffic not working

Hello,

 

Did somebody successfully implement this feature ?

I'm working on GP 5.0.7 and PANOS 8.1, also we have a Global Protect Gateway license active.

 

I want to exclude video traffic from the VPN tunnel. So I go to my external gateway, and enable exclude video traffic. The tunnel mode is enabled, and also in the agent config, the split tunneling is enabled (ie the option "no direct access to local network" is disabled).

 

When I add application like dailymotion or netflix-streaming, I still can see such application going through the firewall.

When I let the application panel empty, expectation is that ALL video streaming traffic is excluded from VPN. But that is not working either.

 

So I'll be glad if someone encountered the same issue and resolved it

 

In parrallel, I'm using standard split tunneling via subnet IPs, and this is working well so far. But I want to make video traffic exclusion work.

Tags (1)
Highlighted
L1 Bithead

Re: Global Protect - exclude video traffic not working

Hello,

I just tested for Netflix and it works but I had to add also on the "Agent/client Settings/Split Tunnel/Domain and Application" the following exclude domains entries:

*.netflix.com                    443

*.nflxvideo.net                 443

Capture.JPG

Highlighted
L0 Member

Re: Global Protect - exclude video traffic not working

Hi,

 

Yes, that's the point, so you are using domain exclusion.

It means that if you go back to your gateway configuration, Video Traffic tab and deactivate the feature to bypass video, then it will continue to work (ie netflix doesn't go through the tunnel).

 

What I would like is use Video Traffic feature so I don't need to add  bunch of domains and IP addresses to the exclusion list.

 

 

Highlighted
L1 Bithead

Re: Global Protect - exclude video traffic not working

Hi,

I have a case open to this problem. Unfortunately I can’t execute all the plan action asked by the support at this time (waiting the “go back” to the office J ). I’ll let you know.

 I wanna just share a workaround I applied for Netflix ( 2x entries in exclude domain).

I have another challenge today: Disneyplus and Zoom. Any experience?

Highlighted
L1 Bithead

Re: Global Protect - exclude video traffic not working

I too got a case open (since december even !) because we had some video exclusion issue with other sites too.

Looks like the agent still forwards some traffic through the tunnel initially which causes a break in the application.

First we could try netflix after trying the same stream multiple times again, but now it doesnt work anymore.

Tried several things, upgraded and stuff but no improvement. I'll keep you guys update whenever i get some info.

 

Highlighted
L1 Bithead

Re: Global Protect - exclude video traffic not working

Yes, I think you're right. When using domains, firsts packets go through the tunnel and then pass to the direct connection. For me it's working.

For Zoom I add Exclude Client Application

My setup for Netflix + Zoom + Webex:Capture-split.JPG

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!