Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who rated this post

L4 Transporter

Hi @mdsgn1,

If I understand correctly, you want a way to mark tunneled VPN traffic as "external" so that the Cortex XDR-Managed Windows Firewall can scrutinize the traffic. If that is accurate, I would recommend disabling the Network Location Configuration setting in the Agent Settings Profile for your target endpoint(s). You can do this by going to Endpoints > Profiles, Editing your target profile, and then disabling the Network Location Configuration item as shown below.


Disable_Network Location Configuration_TakeI.gif

Once completed, all traffic will be considered External as there will no longer be tests to evaluate positioning. Please let me know how this works for you.

PS:  As an alternative, you can also configure the Network Location Configuration to test for an IP or Domain that you know will fail over the VPN tunnel. However, this would require more advanced knowledge of the network configuration.

Visit our Cortex XDR Customer Corner on Live Community to access resources for your product journey, engage in discussions with community members and subject matter experts, and register for upcoming events!

*Cortex XDR Customer Corner:

Join our Cortex XDR Office Hours to receive live guidance and training from our Customer Success Architects.

*Cortex XDR Office Hours [NAM]:
*Cortex XDR Office Hours [EMEA/APAC]:
Who rated this post