Split tunneling based on the domain is not working. We need to monitor our users' web traffic while they are roaming. While users need to connect GlobalProtect and Cisco AnyConnect simultaneously, some traffic should go via Cisco AnyConnect and the rest of it via GlobalProtect. I tried split tunneling based on the domain but no luck. Is there any solution for this?
PAN-OS - 8.1.7
You can use '?' in order to see available commands. When in set config mode, try the following:
set global-protect global-protect-gateway GATEWAY-NAME remote-user-tunnel-configs ?
Thus for domain exclusion it is:
set global-protect global-protect-gateway GATEWAY-NAME remote-user-tunnel-configs CONFIG-NAME split-tunneling exclude-domains list DOMAIN-ENTRY
I have the same issue trying to split O365 traffic. I have two VM-300 in HA running 9.1.2 and any domain I put into the exclude list is ignored. I have to use Access Route exclusions for it to work, which is cumbersome.
If I add b-0004.b-msedge.net, or *.b-msedge.net as a domain exclusion, my system will connect via the VPN tunnel. If I add its IP (184.108.40.206) to the Access Route exclusion, it works.
How can I fix this?
Please refer to the following document for determining the precedence order while using split-tunnel rules.