Global Protect - exclude video traffic not working
Showing results for 
Search instead for 
Did you mean: 

Global Protect - exclude video traffic not working

L0 Member



Did somebody successfully implement this feature ?

I'm working on GP 5.0.7 and PANOS 8.1, also we have a Global Protect Gateway license active.


I want to exclude video traffic from the VPN tunnel. So I go to my external gateway, and enable exclude video traffic. The tunnel mode is enabled, and also in the agent config, the split tunneling is enabled (ie the option "no direct access to local network" is disabled).


When I add application like dailymotion or netflix-streaming, I still can see such application going through the firewall.

When I let the application panel empty, expectation is that ALL video streaming traffic is excluded from VPN. But that is not working either.


So I'll be glad if someone encountered the same issue and resolved it


In parrallel, I'm using standard split tunneling via subnet IPs, and this is working well so far. But I want to make video traffic exclusion work.


L1 Bithead


I just tested for Netflix and it works but I had to add also on the "Agent/client Settings/Split Tunnel/Domain and Application" the following exclude domains entries:

*                    443

*                 443




Yes, that's the point, so you are using domain exclusion.

It means that if you go back to your gateway configuration, Video Traffic tab and deactivate the feature to bypass video, then it will continue to work (ie netflix doesn't go through the tunnel).


What I would like is use Video Traffic feature so I don't need to add  bunch of domains and IP addresses to the exclusion list.




I have a case open to this problem. Unfortunately I can’t execute all the plan action asked by the support at this time (waiting the “go back” to the office J ). I’ll let you know.

 I wanna just share a workaround I applied for Netflix ( 2x entries in exclude domain).

I have another challenge today: Disneyplus and Zoom. Any experience?

I too got a case open (since december even !) because we had some video exclusion issue with other sites too.

Looks like the agent still forwards some traffic through the tunnel initially which causes a break in the application.

First we could try netflix after trying the same stream multiple times again, but now it doesnt work anymore.

Tried several things, upgraded and stuff but no improvement. I'll keep you guys update whenever i get some info.


Yes, I think you're right. When using domains, firsts packets go through the tunnel and then pass to the direct connection. For me it's working.

For Zoom I add Exclude Client Application

My setup for Netflix + Zoom + Webex:Capture-split.JPG

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!