GlobalProtect, Working from Home, Prisma Access and Covid-19

Reply
Highlighted
L4 Transporter

Hi @Daniel_Li ,

 

Glad the article is helpful. I will review it and see if there is alternate option available which will provide us physical interface. If not, packet capture will be the most reliable method as specific in the document.

 

Thanks,

Nehal

Highlighted
Community Team Member

@Daniel_Li 

I would recommend that you create a new thread for this specific issue to either the GlobalProtect or General Topics discussion area, you will receiver faster response for posts like this there.

 

Stay Secure,
Joe
End of line
Highlighted
L2 Linker

Just update all

 

Split domain on GP 5.1.0 has bug and release note mention it is fixed on 5.1.2 or 5.1.1. So far it works on some machines and other machine is not working 100% for example following domain is in excluded list

GP 5.1.1 or 5.1.2

*.zoom.us      -some GP client works and some does not

*.cisco.com   -some GP client works and some does not

speedtest.net  most of time this Domain traffic will send to physical adapter

 

Still not fix yet with Tech.

 

Daniel

Highlighted
L2 Linker

Hi There,

I hope you are well. Great article at the link below..

https://live.paloaltonetworks.com/t5/general-articles/troubleshoot-split-tunnel-domain-amp-applicati...

Just on point 3, i cannot find the gpsplit logs within the globalprotect bundle. Either generating on a mac or a windows pc..
where can I find this log ?
split tunneling amazon aws is giving us hassle..

kind regards,

Rob

Highlighted
L1 Bithead

Hi,

This covers all GP related stuff.

Regards,
Thiru
Highlighted
L0 Member

I'd like to request that this information also be viewable in the GUI as well, maybe under "monitor"?
Highlighted
L4 Transporter

Hi @krankins,

 

Just to confirm, are you requesting that you should be able to review the split-tunnel configuration on GlobalProtect GUI as well ?

 

Thanks,

Nehal

Highlighted
L4 Transporter

Hi @rdonohoe23 ,

 

Thanks for the feedback. Actually gpsplit.log file is available as part of GlobalProtect logs bundle before GlobalProtect client 5.1.4 for macOS. After GlobalProtect client 5.1.4 and later, based on your macOS version you will either see gpsplit.log or PanNext.log [macOS 10.15.4 + GP 5.1.4 onwards]. For windows you can review PanGPS.log file. I will also update the document which you referred with this most current information. 

 

Thanks,

Nehal

 

Highlighted
Community Team Member

@krankins 

For any new features to be added, we recommend that you contact the Sales Group, as they are the ones who put in the Feature Requests.

North America Sales: 866-320-4788 or contact_sales@paloaltonetworks.com

Stay Secure,
Joe
End of line
L1 Bithead

We have 3 PaloAlto firewalls in 3 Datacenter as below

gp1.xyz.com
gp2.xyz.com
gp3.xyz.com

Currently around 600 users connected to a portal address "gp1.xyz.com"

We have created a new portal "gp-prod.xyz.com" which points to a load balancer and the LB performs health check of the 3 Gateways and routes traffic based on availability.

Our requirement is to change the portal address to "gp-prod.xyz.com" in all the 600 users.

When I edit the portal address at the below registry and make it "gp-prod.xyz.com" , it still doesn't change in the GP client.

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\PanSetup


Any suggestions on how the requirements can be met?

 

Tags (1)
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!