Global Protect Split Tunneling with multiple network adapters

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global Protect Split Tunneling with multiple network adapters

L0 Member

Hey community,

 

We are struggling with a certain case for many of our customers.

We have many users working in service who connect to #GlobalProtect with their Windows notebooks via mobile data to #Prisma Cloud. From there, they access the internet or internal resources. We have some bypassed decryption rules.


For their work, they need to connect via Ethernet to a second network, but they cannot reach it with an established tunnel. I think Split Tunneling would be the right solution.

However, even if I don't disable access to the local network and exclude the traffic (10.3.33.0/24) for the second network, it is still not reachable. Traceroute shows that it is trying to route the packets through the tunnel.

Does split tunneling in GlobalProtect only bypass traffic from the VPN tunnel and not use another adapter?

For more explanation, I have added a drawing.

Any ideas or experiences?

Thanks in advance, Peter

2 REPLIES 2

Cyber Elite
Cyber Elite

@Peter_Keller,

I think what you would have to do here going forward is setup a GlobalProtect login script on the machines to properly update the routes to get this to function properly. You'll have to do some testing to ensure that the routes you install are properly removed upon a disconnect.

Thank you BPry for you reply.

 

So you would run a f.e. powershell script as post-vpn-command to set routes to certain networks?

I don't think this will solve our problem, we connect sometimes to private networks and don't know the networks. Would it even work if the pan adapter uses metric 1?

  • 264 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!