- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
10-31-2024 01:09 AM
Hello,
We use Global Protect to connect our employees via VPN to our site. We think we have configured it that way, that the complete traffic is tunneled to our site after establishing the Global Portect connection.
Now we see that unencrypted DNS traffic is visible outside the tunnel. The target adress of that DNS traffic is the IP of our Global Protect gateway (where also the DNS proxy resides).
Why is this traffic not encrypted an transported via the Global Protect connection and do you have any suggestion which options could be the reason for that behaviour?
11-01-2024 01:44 PM
You would expect to see some limited DNS traffic happen outside of the tunnel for things like internal host detection. I'd look at what is actually being sent outside of the tunnel to validate, but you're likely seeing that traffic and it's nothing to worry about.
11-01-2024 08:24 AM
Hello,
What does your split tunnel configuration look like? Is it just include 0.0.0.0/0? Under the app configuration of the portal there is also a flag for "Split-Tunnel-Option" what do you have selected for that?
Thanks,
Bradley Fergel
11-01-2024 01:44 PM
You would expect to see some limited DNS traffic happen outside of the tunnel for things like internal host detection. I'd look at what is actually being sent outside of the tunnel to validate, but you're likely seeing that traffic and it's nothing to worry about.
11-01-2024 10:40 PM
Check these settings on the App: https://docs.paloaltonetworks.com/globalprotect/5-2/globalprotect-app-new-features/new-features-rele....
Split tunnel Options and Resolve all FQDNs. If its still leaking out of Physical interface try different GP version.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!