For details on cookie usage on our site, read our Privacy Policy
GlobalProtect Cloud Services Route Precedence
- LIVEcommunity
- Discussions
- General Topics
- GlobalProtect Cloud Services Route Precedence
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
GlobalProtect Cloud Services Route Precedence
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-27-2018 07:21 AM - last edited on 07-10-2019 07:47 PM by Retired Member
We have had overlapping subnet scenarios where someone is connecting using GlobalProtect Cloud Services from a subnet that overlaps our internal subnet and, as they have a more specific route, access to internal resources is failing as the taffic is being routed via the local router instead of over the VPN due to the more specific route. Due to the size of our internal network, adding more specific routes for all of our subnets isn't really an option and this could be undone anyway with a more specific route.
Does anyone know a way to force all internal traffic down the VPN instead of following more specific routes?
NOTE: GlobalProtect Cloud Service has changed to Prisma Access.
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-27-2018 07:36 AM
Hmm.. no, but do they need local routing, seems a bit odd if your route takes precedence, or is it all the other routes that are local...
never had this issue as we do not allow split tunneling...
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-28-2018 01:28 AM
We mostly see the issue when users are connecting from hotel networks so have no control on their routes. We can manually remove the local route to get the traffic down the tunnel but not the easiest solution for users.
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-28-2018 01:36 AM
if you remove all routes from the gateway config on the palo alto it will auto force all traffic down the tunnel by default.
- Connect to Globalprotect from Guest Zone in GlobalProtect Discussions
- Source-NAT with POOL from GlobalProtect zone to subnet behind the MPLS router in GlobalProtect Discussions
- Strange DNS behavior - Mobile Users—GlobalProtect - Panorama Managed Prisma Access in GlobalProtect Discussions
- Best Practice for Root CA Self Signed Cert on NGFW in Next-Generation Firewall Discussions
- Acceptable packet loss over Global Protect VPN? in GlobalProtect Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
