
DNS traffic outside of GlobalProtect tunnel


L1 Bithead

Hello,

We use Global Protect to connect our employees via VPN to our site. We think we have configured it so that the complete traffic is tunneled to our site after establishing the Global Protect connection.

Now we see that unencrypted DNS traffic is visible outside the tunnel. The target address of that DNS traffic is the IP of our Global Protect gateway (where the DNS proxy also resides).

Why is this traffic not encrypted and transported via the Global Protect connection, and do you have any suggestion which options could be the reason for that behaviour?

Accepted Solution

Cyber Elite

@MikeHinz,

You would expect to see some limited DNS traffic happen outside of the tunnel for things like internal host detection. I'd look at what is actually being sent outside of the tunnel to validate, but you're likely seeing that traffic and it's nothing to worry about.

3 REPLIES

Cyber Elite

Hello,

What does your split tunnel configuration look like? Is it just include 0.0.0.0/0? Under the app configuration of the portal there is also a flag for "Split-Tunnel-Option"; what do you have selected for that?

Thanks,

Bradley Fergel

L2 Linker

Check these settings on the App: https://docs.paloaltonetworks.com/globalprotect/5-2/globalprotect-app-new-features/new-features-rele....

Split tunnel Options and Resolve all FQDNs. If it's still leaking out of the physical interface, try a different GP version.
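The accepted answer's advice is to look at what is actually being sent outside the tunnel before deciding whether it is benign. The following script is an added example, not code from this thread or from Palo Alto Networks: it takes text in the shape of `tcpdump -n -i <physical interface> udp port 53` output captured while the VPN is up and sorts each query into three buckets: queries to the gateway/portal address for names the app itself needs (portal FQDN, the internal host detection lookup), queries to the gateway address for any other name (the DNS proxy is being reached in the clear instead of through the tunnel, which is the behaviour the original poster describes), and queries to any other resolver (a leak that an include-all split tunnel should never allow). The capture lines, the gateway IP 203.0.113.5, and the names in EXPECTED_NAMES are constructed placeholders; an operator would substitute their own gateway addresses and the names their portal configuration uses.

```python
"""Triage DNS queries seen on the physical interface while GlobalProtect is up.

Added example, not from the thread or Palo Alto Networks. Input is text in the
shape of `tcpdump -n -i <physical-if> udp port 53` output. Each query lands in:
  expected - to a GP gateway/portal address, for a name the app itself needs
  review   - to a GP gateway/portal address, but for some other name
  leak     - to any other resolver (should not happen with an include-all tunnel)
"""
import re
from dataclasses import dataclass

# Constructed sample capture (not real traffic). Addresses and names are placeholders.
SAMPLE_CAPTURE = """\
10:00:01.000100 IP 192.168.1.10.51234 > 203.0.113.5.53: 1001+ A? gp-portal.example.com. (40)
10:00:01.000200 IP 192.168.1.10.51235 > 203.0.113.5.53: 1002+ PTR? 10.0.0.10.in-addr.arpa. (44)
10:00:02.000300 IP 192.168.1.10.51236 > 203.0.113.5.53: 1003+ A? intranet.corp.example. (38)
10:00:03.000400 IP 192.168.1.10.51237 > 8.8.8.8.53: 1004+ A? www.example.org. (33)
"""

# Assumed operator-supplied values: GP gateway/portal address(es) and the names
# the app legitimately resolves outside the tunnel (portal FQDN and the reverse
# lookup used for internal host detection are the usual suspects).
GATEWAY_IPS = {"203.0.113.5"}
EXPECTED_NAMES = {"gp-portal.example.com", "10.0.0.10.in-addr.arpa"}

# Matches the query part of a tcpdump DNS line: "<ts> IP <src>.<sport> > <dst>.53: <id>+ <TYPE>? <name>."
DNS_QUERY = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.53: \d+\+?\S* (?P<qtype>[A-Z]+)\? (?P<qname>\S+)"
)


@dataclass(frozen=True)
class DnsQuery:
    ts: str
    src: str
    dst: str
    qtype: str
    qname: str  # normalised: trailing dot removed, lower-cased


def parse_capture(text: str) -> list[DnsQuery]:
    """Return the DNS queries found in tcpdump-style text; other lines are ignored."""
    queries = []
    for line in text.splitlines():
        m = DNS_QUERY.match(line)
        if m:
            queries.append(
                DnsQuery(m["ts"], m["src"], m["dst"], m["qtype"], m["qname"].rstrip(".").lower())
            )
    return queries


def triage(queries: list[DnsQuery], gateway_ips: set[str], expected_names: set[str]) -> dict[str, list[DnsQuery]]:
    """Sort queries seen outside the tunnel into expected / review / leak buckets."""
    expected = {n.rstrip(".").lower() for n in expected_names}
    buckets: dict[str, list[DnsQuery]] = {"expected": [], "review": [], "leak": []}
    for q in queries:
        if q.dst not in gateway_ips:
            buckets["leak"].append(q)          # resolver other than the gateway: real leak
        elif q.qname in expected:
            buckets["expected"].append(q)      # portal / internal host detection lookups
        else:
            buckets["review"].append(q)        # gateway DNS proxy reached in the clear
    return buckets


def summarize(buckets: dict[str, list[DnsQuery]]) -> dict[str, int]:
    """Counts per bucket, handy for a quick pass/fail in a check script."""
    return {name: len(items) for name, items in buckets.items()}


if __name__ == "__main__":
    result = triage(parse_capture(SAMPLE_CAPTURE), GATEWAY_IPS, EXPECTED_NAMES)
    for name, items in result.items():
        print(f"{name}: {len(items)}")
        for q in items:
            print(f"  {q.ts} {q.src} -> {q.dst} {q.qtype} {q.qname}")
```

Anything in the "leak" bucket means the split tunnel is not actually sending all traffic through the tunnel (check the include 0.0.0.0/0 entry and the Split-Tunnel-Option and "Resolve all FQDNs" settings the other replies mention). Anything in "review" is worth a closer look at the app's DNS handling, while a non-empty "expected" bucket on its own is the limited traffic the accepted answer describes.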
