- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
04-02-2020 08:13 AM - edited 04-02-2020 08:34 AM
Hello,
Did somebody successfully implement this feature ?
I'm working on GP 5.0.7 and PANOS 8.1, also we have a Global Protect Gateway license active.
I want to exclude video traffic from the VPN tunnel. So I go to my external gateway, and enable exclude video traffic. The tunnel mode is enabled, and also in the agent config, the split tunneling is enabled (ie the option "no direct access to local network" is disabled).
When I add application like dailymotion or netflix-streaming, I still can see such application going through the firewall.
When I let the application panel empty, expectation is that ALL video streaming traffic is excluded from VPN. But that is not working either.
So I'll be glad if someone encountered the same issue and resolved it 🙂
In parrallel, I'm using standard split tunneling via subnet IPs, and this is working well so far. But I want to make video traffic exclusion work.
04-08-2020 07:40 AM
Hello,
I just tested for Netflix and it works but I had to add also on the "Agent/client Settings/Split Tunnel/Domain and Application" the following exclude domains entries:
*.netflix.com 443
*.nflxvideo.net 443
04-09-2020 01:47 AM
Hi,
Yes, that's the point, so you are using domain exclusion.
It means that if you go back to your gateway configuration, Video Traffic tab and deactivate the feature to bypass video, then it will continue to work (ie netflix doesn't go through the tunnel).
What I would like is use Video Traffic feature so I don't need to add bunch of domains and IP addresses to the exclusion list.
04-09-2020 02:34 AM
Hi,
I have a case open to this problem. Unfortunately I can’t execute all the plan action asked by the support at this time (waiting the “go back” to the office J ). I’ll let you know.
I wanna just share a workaround I applied for Netflix ( 2x entries in exclude domain).
I have another challenge today: Disneyplus and Zoom. Any experience?
04-10-2020 12:38 AM
I too got a case open (since december even !) because we had some video exclusion issue with other sites too.
Looks like the agent still forwards some traffic through the tunnel initially which causes a break in the application.
First we could try netflix after trying the same stream multiple times again, but now it doesnt work anymore.
Tried several things, upgraded and stuff but no improvement. I'll keep you guys update whenever i get some info.
04-10-2020 09:37 AM
Yes, I think you're right. When using domains, firsts packets go through the tunnel and then pass to the direct connection. For me it's working.
For Zoom I add Exclude Client Application
My setup for Netflix + Zoom + Webex:
07-01-2021 05:11 AM - edited 07-01-2021 05:12 AM
Domain exclusion list for DisneyPlus for reference:
https://support.opendns.com/hc/en-us/articles/360037591112-Domains-to-Allow-for-Disney-Plus
Depending on your region, inclusion of following domains in Exclude Domain worked:
*.adobedtm.com
*.bam.nr-data.net
*.bamgrid.com
*.disney-plus.net
*.disneyplus.com
*.dssott.com
cdn.registerdisney.go.com
d9.flashtalking.com
10-08-2021 06:59 AM
Hi,
Did anyone got fresh news on that subject ? I'm actually experiencing exclusion failure with netflix too.
And adding domains one by one for every profiles and gateway configuration is not an option (risks of mistakes, time loss every time I need to had a new domain, etc).
Like MMerlier, just using the exclude video data option would be great.
Thanks all
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!