Split tunneling issue on GlobalProtect


L2 Linker

Hello Community,

 

We would like to configure split tunneling on Global Protect settings for Webex traffic.

 

We have the GlobalProtect Gateway License active and enabled.

 

We have already configured a list of excluded subnets under GW >> Agent >> Clients settings >> Split Tunnel >> Access route >> Exclude.

 

However, when the GlobalProtect tunnel is up and we check the traffic from the mobile, the Webex traffic passes through the tunnel and is not excluded.
We see this behavior only on iPhone or Android mobiles.

 

Indeed, there is no issue from Windows and Mac, as all Webex traffic goes directly to the Internet, not through the tunnel.

 

From the PA documentation, I notice that the proposed configuration is always for Windows and Mac, but could you please confirm whether it's supported for mobiles as well?

 

Any suggestions about the configuration, if something is missing?

 

Thanks in advance for your assistance.

 

Best regards.

 

 

4 REPLIES 4

Cyber Elite

Did you follow this document?

 

https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-gateways/spli...

 

Split tunnel does not work the same on mobile devices.

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

L2 Linker

Hello,

 

Thank you for your feedback.

 

Yes, we have seen it, but I will double-check the correct configuration for iOS.

 

However, is it also valid for Android endpoints? As we can notice:

What Do I Need? 

  • GlobalProtect endpoints running on iOS
  • GlobalProtect now extends Split DNS-Include functionality to iOS platforms in addition to Linux, Windows, and macOS. (Android ??)

I assume that Android should work with only the access route feature. Also, please note that there is no issue with Mac and Windows with access routes.

 

Best regards.

 

 

 

 

L2 Linker

Hi,

 

Furthermore, in the KB provided, it says:

Configure Split DNS for GlobalProtect App on iOS Endpoints

*Split-DNS -Exclude functionality is not supported on iOS platforms

 

In our case, we would like to exclude the traffic from the tunnel.

 

Also, could you please elaborate on this sentence:

"For iOS and Android endpoints, IP Access Routes control which traffic is tunneled and Domain rules control which DNS queries are tunneled. If you want both DNS and traffic for the same site to be included or excluded in the VPN tunnel, you must configure separate IP and Domain rules accordingly."

 

Thanks in advance for your assistance.

 

Best regards

It explicitly states it is not supported, so I'd recommend making a feature request with your local sales team.

 

This sentence:

"For iOS and Android endpoints, IP Access Routes control which traffic is tunneled and Domain rules control which DNS queries are tunneled. If you want both DNS and traffic for the same site to be included or excluded in the VPN tunnel, you must configure separate IP and Domain rules accordingly."

 

means that if you have www.example.com A 40.0.0.1

you need to create an IP-based include/exclude AND a domain-based include/exclude.

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
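
The point of the last reply, as an added example that is not part of the original thread and not Palo Alto Networks tooling: a small audit that checks, for each site you want split on iOS/Android, whether it is covered by both an IP access route and a domain rule. The rule lists, the DNS map and the wildcard matching are constructed assumptions; substitute the entries from your own gateway configuration and your own DNS lookups.

```python
import ipaddress
from fnmatch import fnmatch

# Constructed sample data for one direction (include or exclude);
# not taken from a real gateway configuration.
ACCESS_ROUTES = ["40.0.0.0/24", "198.51.100.0/24"]
DOMAIN_RULES = ["www.example.com", "*.example.org"]

# Constructed name -> A record map for the sites that should be split.
SITES = {
    "www.example.com": ["40.0.0.1"],          # covered by both rule types
    "media.example.net": ["198.51.100.20"],   # IP access route only
    "app.example.org": ["203.0.113.7"],       # domain rule only
}


def ip_covered(addr, routes):
    """True if addr falls inside any access route (CIDR)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(r, strict=False) for r in routes)


def domain_covered(name, rules):
    """True if name matches a domain rule (assumed: exact or '*.' wildcard)."""
    name = name.lower().rstrip(".")
    return any(fnmatch(name, rule.lower()) for rule in rules)


def audit(sites, routes, rules):
    """Return {site: status}; status names the missing rule type, if any."""
    report = {}
    for name, addrs in sites.items():
        uncovered = [a for a in addrs if not ip_covered(a, routes)]
        has_ip = not uncovered
        has_dns = domain_covered(name, rules)
        if has_ip and has_dns:
            status = "ok"
        elif has_ip:
            status = "missing domain rule"
        elif has_dns:
            status = "missing IP access route for " + ", ".join(uncovered)
        else:
            status = "missing both"
        report[name] = status
    return report


if __name__ == "__main__":
    for site, status in audit(SITES, ACCESS_ROUTES, DOMAIN_RULES).items():
        print(f"{site}: {status}")
```

A site reported as anything other than "ok" will have its DNS queries and its data traffic take different paths on a mobile endpoint.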