Global Protect Office 365 Split Tunnel
cancel
Showing results for 
Search instead for 
Did you mean: 

Global Protect Office 365 Split Tunnel

L3 Networker

Hi All,

 

I have configured split tunnel for O365 but I have an issue that I can't seem to nail. All seem to be working except when I open Outlook I get a connection error. I have all the URLs and IPs specified by Microsoft in the split tunnel configuration but it still does not work. Strange thing is if I open outlook before the Globalprotect connection, Outlook remains connected and I can refresh the connection using the Connection Status reconnect without an issue, the moment I close down Outlook and re-open it I get the error?

 

I have a TAC case raised but thought the community may have an idea what's going on. Any clues?

 

TIA

 

Regards

 

Adrian

2 REPLIES 2

L7 Applicator

This sounds like it could be a NLA issue. Network location awareness...  i would google “network location awareness vpn” to save me an essay....

 

There are a few solutions offered on the live-community but everyones setup is different, they include running ipconfig/flushdns, disable ipv6 etc... we also had an issue where the NLA was disabled via group policy, i will dig out the setting and post.

L3 Networker

i have several cases open and recently closed.

We had a working onprem 8.1.13 / 5.1.8 GlobalProtect running without issues.

When migrating to Azure 9.1.6/5.2.X we've ran in all kind of issues.

I've created a powershell script to download the office365 optimize/allow ranges and have them added automatically in Panorama/policies. 

 

Outlook when using GP on the office was slow or not connecting but at home users did not have any issues, youtube not working etc

First of all was an MTU issue, Azure limits MTU to 1400, fragments above, blocks out of order packets and blocks ICMP.

Because we use L3 wireless roaming at the office and home users do not, the MTU was bigger than I was aware of...

So i got that sorted, but that was part of the problem.

 

Outlook seems to be send half through GP, half direct. Even though i tried both excluding and including outlook.exe

It changes at random and we are looking into it. 

Als we have lots of video issues, all random at happening again. 

Even though we've excluded video traffic from GP, excluded domains etc..

 

Things look to boil down to DNS. We use split dns, but the GP configuration only does network split but not dns (by setting).

Although we didn't have issues with the same settings onprem it might be an issue now.

 

So a lot to be investigated

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!