04-27-2024 06:24 PM
I'm looking to configure split tunneling and DNS in the following way:
If the DNS request is from a defined list, send the query to the tunnel DNS servers, if not, send through local adapter DNS. If the resulting reply contains an IP in the defined route, send it through the tunnel, otherwise out the local adapter.
Every configuration I have tried either binds the connection to the tunnel adapter if its in the domain list regardless of route config, or sends every request to every adapter until it gets a result.
04-29-2024 03:24 AM
just to make sure we're on the same page, did you set the app config Split-tunnel option to "Both Network Traffic and DNS"?
secondly: you need the GlobalProtect addon license for this to work, have you checked if it's installed/still valid ?
04-29-2024 07:54 AM
Yep, license is valid, and we have that option set. Also have experimented with the "Resolve All FQDNs Using DNS Servers Assigned by the Tunnel" and either way doesn't give us the desired outcome.
Re-reading all the docs I'm thinking what I want is not possible and I will be forced to either tunnel all DNS traffic and not define domains (so that the access routes actually work), or define domains and excluded domains (which is a large dynamic list for us). To be clear this is required because we have hosts in our defined domains that we do not want to go through the tunnel (like cloud hosted websites).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
