Split Tunnel Domain & Application Cisco Umbrella Issue

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Split Tunnel Domain & Application Cisco Umbrella Issue

L3 Networker

We have one GlobalProtect Portal and 3 Gateways. This one Gateway is version 9.0.9-h1, and the GlobalProtect client version is 5.2.3-22. For testing, on this one Gateway, I enabled Split tunnel Domain and Application for *.webex.com and *.zoom.us.

 

I'm testing from home with two laptops, and both are connected to this same GP Gateway. Laptop 1 does not have all our client-side security software, and I see the traffic for both these domains going out the local network interface/Internet. Laptop 2, which has all our client-side security software, I see traffic for both domains going down the VPN.

 

I think the problem with laptop 2 may be Cisco Umbrella? Has anyone seen this issue with security software?
Thanks for any help.

Jeff

Passionate about network infrastructure and all things Palo Alto Networks.
5 REPLIES 5

L3 Networker

We confirmed the domain exclusion is a Cisco Umbrella issue but still like to know if anyone else has had this issue and, if so, what was your resolution?

Thank you.

 

Jeff

Passionate about network infrastructure and all things Palo Alto Networks.

Any update on this with cisco umbrella?

L3 Networker

split domain had some issues on various versions. 

A hotfix for 5.2.5 has been released with a lot of fixes btw: Addressed Issues in GlobalProtect App 5.2 (paloaltonetworks.com)

Thank you as we upgraded but still not working. I read the Addressed Issues and it's impressive how many could have been the issue.

Passionate about network infrastructure and all things Palo Alto Networks.

we have also same issue... We have configured split tunnel domain for  *.example.com.. Its not working when Cisco Umbrella agent is active...once we have disabled the agent it is working as expected...there is one option on umbrella to offload URL domain, that will fallback the request to internal GP client DNS instead going towards opendns. 

  • 5939 Views
  • 5 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!