This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

DNS traffic outside of GlobalProtect tunnel

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

DNS traffic outside of GlobalProtect tunnel

Go to solution
MikeHinz
L1 Bithead

‎10-31-2024 01:09 AM

Hello,

 

We use Global Protect to connect our employees via VPN to our site. We think we have configured it that way, that the complete traffic is tunneled to our site after establishing the Global Portect connection.

 

Now we see that unencrypted DNS traffic is visible outside the tunnel. The target adress of that DNS traffic is the IP of our Global Protect gateway (where also the DNS proxy resides). 

 

Why is this traffic not encrypted an transported via the Global Protect connection and do you have any suggestion which options could be the reason for that behaviour?

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
BPry
Cyber Elite
Cyber Elite

‎11-01-2024 01:44 PM

@MikeHinz,

You would expect to see some limited DNS traffic happen outside of the tunnel for things like internal host detection. I'd look at what is actually being sent outside of the tunnel to validate, but you're likely seeing that traffic and it's nothing to worry about.

View solution in original post

0 Likes Likes
3 REPLIES 3

Go to solution
Claw4609
Cyber Elite
Cyber Elite

‎11-01-2024 08:24 AM

Hello,

 

What does your split tunnel configuration look like? Is it just include 0.0.0.0/0? Under the app configuration of the portal there is also a flag for "Split-Tunnel-Option" what do you have selected for that?

 

Thanks,

Bradley Fergel

0 Likes Likes

Go to solution
BPry
Cyber Elite
Cyber Elite

‎11-01-2024 01:44 PM

@MikeHinz,

You would expect to see some limited DNS traffic happen outside of the tunnel for things like internal host detection. I'd look at what is actually being sent outside of the tunnel to validate, but you're likely seeing that traffic and it's nothing to worry about.

0 Likes Likes

Go to solution
arusharma
L3 Networker

‎11-01-2024 10:40 PM

Check these settings on the App: https://docs.paloaltonetworks.com/globalprotect/5-2/globalprotect-app-new-features/new-features-rele....

 

Split tunnel Options and Resolve all FQDNs. If its still leaking out of Physical interface try different GP version. 

0 Likes Likes
  • 1 accepted solution
  • 502 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks