02-17-2012 02:35 AM
Hi all,
Is there a method on Global Protect to send all my traffic into the tunnel, but exclude the customer's subnet range, so that I remain connected to the office network and browse the web protected by the office infrastructure, but with the possibility to work on the whole customer network and not only on the same LAN?
Thanks.
02-22-2012 08:12 AM
Hi,
Do you want to remain connected to the local LAN and have only the traffic intended for the remote office tunneled? If so, you'd want to configure split tunneling on the PAN FW such that the Global Protect Clients access the remote Office LAN via the tunnel and all other traffic (to the Internet and local LAN) via their own ISP and local connection.
However, you cannot configure this on the Global Protect Client itself - Access Routes (split tunneling) are configured on the PAN FW.
If your requirement is different from what is explained here, please explain further.
Thanks
02-22-2012 08:26 AM
That's not exactly what I said... I want all traffic from my PC, when I'm at a customer, to go through the tunnel to my office, including my internet connection, and to exclude from the tunnel only the subnet that I have at the customer.
EX all 0.0.0.0/0 Pa-500 to office...(all traffic internet included)
10.50.0.0 Network customer excluded from tunnel.
So I can reach everything I want inside my customer's network without disconnecting the VPN connection.
With the VPN split tunneling, as I see it on the PA, I can specify the network to tunnel but I can't exclude a specific network. But is something that is possible on a small router with integrated Cisco VPN not possible on a Palo Alto FW?
02-22-2012 07:00 PM
@fcellini:
Your requirement looks like it is not currently supported by the available GP configuration options. I would suggest talking to your sales team to have them file a feature request for this use case.
As a workaround you could define all networks in the access routes with the exclusion of the 10.150.0.0/24 subnet. This should work as a short term band-aid for your use case.
-Benjamin
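The workaround in the reply above, worked through as an added example that is not part of the original thread: it computes the smallest set of CIDR blocks that covers 0.0.0.0/0 minus one or more excluded subnets, which is the list that would be entered as access routes. The function names are hypothetical, and the excluded subnet is the 10.150.0.0/24 value from the reply; substitute the real customer subnet.

```python
import ipaddress

def access_routes_excluding(excluded, universe="0.0.0.0/0"):
    """Return sorted CIDR blocks covering `universe` minus every subnet in `excluded`."""
    remaining = [ipaddress.ip_network(universe)]
    for raw in excluded:
        # strict=True rejects typos such as 10.150.0.1/24 (host bits set)
        hole = ipaddress.ip_network(raw, strict=True)
        kept = []
        for net in remaining:
            if hole.supernet_of(net):
                # this block lies entirely inside the excluded subnet: drop it
                continue
            if net.supernet_of(hole):
                # split the block around the hole into the minimal set of subnets
                kept.extend(net.address_exclude(hole))
            else:
                # no overlap with the hole: keep unchanged
                kept.append(net)
        remaining = kept
    return sorted(remaining)

def is_tunneled(address, routes):
    """True if `address` matches one of the access routes (i.e. would use the tunnel)."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in routes)

if __name__ == "__main__":
    # Subnet taken from the reply above; replace with the customer LAN in use.
    routes = access_routes_excluding(["10.150.0.0/24"])
    print(f"{len(routes)} access routes:")
    for net in routes:
        print(" ", net)
    # Constructed sample destinations to sanity-check the result
    for dest in ("8.8.8.8", "10.150.0.5", "10.150.1.1"):
        path = "tunnel" if is_tunneled(dest, routes) else "local"
        print(f"{dest:>12} -> {path}")
```

Excluding a single /24 from the full IPv4 space yields 24 routes, one for each prefix length from /1 to /24. Before relying on the result, confirm that an address inside the customer subnet reports `local` and that everything else, including neighbouring subnets, reports `tunnel`.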