10-07-2025 02:09 AM - edited 10-07-2025 02:10 AM
Hi,
I have a VPN-SSL GP in a FW PA. I have some "Acess routes" in include for LAN ranges (10.0.0.0/8 and 192.168.x.x) and the rest should go through ISP local user.
The issue is that I'm seeing traffic destined for the internet that shouldn't be reaching the FW via the VPN.
Goiing to agent logs i can see all routes in Linux client as OK. Default route is its ISP.
Is there any limitation in GP default route for non Windows device?
10-07-2025 06:57 AM
Hi @BigPalo ,
Which GlobalProtect client version are you running? There have been documented issues in older GP client versions where split tunneling didn’t function as expected, causing some internet-bound traffic to route through the VPN despite proper configuration.
I’d recommend updating to a more recent preferred GP client version and testing again from there.
Also, do you happen to connect to multiple different portals? I’ve seen cases where the issue ended up being agent-related. I had to connect to a completely different portal/gateway, disconnect, and then reconnect to the correct one. Spent an hour digging through configs before realizing that was the culprit. I was supporting multiple sensitive environments so upgrades with anything weren't supported as easily.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
