03-05-2021 06:27 AM
Hello
We have set split tunnel for our Win10 clients, GP is version 5.1.6 and 5.2.5. PAN-OS is 9.1.7.
- default route to firewall
- bypass tunnel for some network ranges (e.g. MS-Teams)
- bypass tunnel for some URLs (e.g. MS-Teams)
- enable DNS-Split
For a small fraction of the users I see the MS-Teams traffic sent back to the firewall (expected was that it bypasses the tunnel).
The routing table on the client looks correct. Based on the routes the traffic should never be sent via the tunnel.
We tried to remedy a potential issue with the network interface with "netsh int ip reset" as administrator, same result.
Any idea what could cause such a strange behavior?
03-05-2021 08:57 AM
Hello,
I would recommend that you take logs from the GlobalProtect client at the time when the user is trying to connect to Teams.
I would also collect logs from the FW for the user's IP to see what the destination of the Teams server is that the user is trying to connect to. Microsoft is adding IP ranges all the time for different servers around the world. How many Agents, Portals, Gateways did you create?
03-06-2021 11:21 AM
Hello @Pawel_G
Unfortunately there is nothing in the logs which raises my attention.
The traffic seen on the firewall is sent to an IP address which is covered by split tunnel.
03-07-2021 08:59 PM
Hello Joerg,
I would also check your User-ID Agent for logs. Sometimes when User-ID loses connection to the Agent, GP will not pick up the Group that you specify.
Also I would collect packet captures.
03-07-2021 10:43 PM
@Pawel_G group mapping is not controlled through the User-ID agent, so losing connection can't impact group mapping
@JoergSchuetter have you tried reinstalling+upgrading to 5.1.8 the GP agent on one of the affected devices? I've seen something similar both with a bug in the GP agent, and an install that somehow failed to properly bind the gp virtual interface
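To size the problem from the firewall side, the following added example (not part of the thread and not Palo Alto code) lists which users send traffic through the tunnel to destinations that the split-tunnel exclusions should keep out of it. The CSV column layout, the sample rows and the exclude ranges are constructed assumptions; replace them with your own log export and the exclude routes configured on the gateway.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Placeholder exclude routes (documentation ranges); substitute the
# networks configured as split-tunnel exclusions on your gateway.
EXCLUDED = [ip_network("198.51.100.0/24"), ip_network("203.0.113.0/24")]

# Constructed sample of exported traffic-log rows seen on the tunnel side.
SAMPLE_LOG = """\
time,src,user,dst,dport
2021-03-05 06:01:10,10.10.0.21,alice,198.51.100.14,443
2021-03-05 06:01:12,10.10.0.21,alice,192.0.2.80,443
2021-03-05 06:02:40,10.10.0.37,bob,192.0.2.80,443
2021-03-05 06:03:05,10.10.0.21,alice,203.0.113.9,3478
2021-03-05 06:03:30,10.10.0.52,carol,not-an-ip,443
"""

def tunnel_leaks(log_text, excluded=EXCLUDED):
    """Return {user: sorted excluded destinations that arrived via the tunnel}."""
    leaks = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            dst = ip_address(row["dst"])
        except ValueError:
            continue  # skip malformed rows rather than abort the run
        if any(dst in net for net in excluded):
            leaks[row["user"]].add(str(dst))
    return {user: sorted(dsts) for user, dsts in leaks.items()}

def affected_share(log_text, excluded=EXCLUDED):
    """Fraction of distinct users in the log that sent excluded traffic."""
    users = {row["user"] for row in csv.DictReader(io.StringIO(log_text))}
    return len(tunnel_leaks(log_text, excluded)) / len(users) if users else 0.0

if __name__ == "__main__":
    for user, dsts in tunnel_leaks(SAMPLE_LOG).items():
        print(user, dsts)
    print(f"affected share: {affected_share(SAMPLE_LOG):.2f}")
```

The resulting user list gives a short set of clients on which to compare GP agent version and virtual-adapter state.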