04-13-2020 01:02 AM
Re the Variables working / not working, I’d also like to see some official documentation from Palo on this rather than community posts.
For example I have a case open with Palo support right now that have referred me to this post to show that Variables do work.
I replied saying that I am aware of this thread as I’m in it and I’d like official documentation on this rather than community driven information (no offence meant).
The engineer then referred me to another thread which looks like it’s a community written article:
Im interested @bspilde what you were saying in that Palo said variables will not work. Have you got a ticket re this with them?
Personally I’m struggling with GP split tunnelling right now. - I want to send ALL traffic down the Tunnel EXCEPT “xyz”
I was therefore advised by PA support to enable split tunnelling (untick “Disable the No direct access to local network”) and add 0.0.0.0/0 in the include and add the objects I want to exclude in the appropriate exclusions fields.
The end result is that the domains I add into the domains exclusions are no longer reachable whilst the tunnel is established. The same issue is happening for video traffic (after I enabled the video so go directly) - no video traffic can be played whilst the tunnel is established.
The other things I’ve come to discover are the following, and I’d welcome anyone’s feed back on this:
1. Limitation 1: We can only add up to 10 entries in the "Access Route" Include / Exclude?
2. Limitation 2: We are not able to utilize "Address Groups" in the "Access Route" Include / Exclude?
3. The question re the variables which seems to be up in the air.
Im running PanOS 8.1x
The PA support person I’m talking to says that these limits are not correct as of PanOS 8.0.2.
Again, I’d welcome anyone else’s comments as I’m banging my head against a break wall on this one.
Am I getting this wrong!?
Thanks
