Hello We need to test MS-Teams. hence I did a few tests with split DNS. The published manuals (e.g. https://live.paloaltonetworks.com/t5/general-articles/globalprotect-optimizing-office-365-traffic/ta-p/319669) are fine, as long as the VPN gateway is "near". In our case the user is located in South Africa, and the VPN gateway is in northern Europe. The DNS requests are sent to the DNS server in northern Europe, and the reply does not provide the nearest entry-point into the Microsoft backbone. To fix that issue, I want to send some DNS requests to the users DNS server in his/her home network. Adding "*.skype.com" to Split Tunnel -> Domain and Application -> Exclude Domain and setting App -> Split-Tunnel Option to "Both Network Traffic and DNS" enabled the function. Unfortunately the experienced time for the DNS resolution will become much higher. "ping www.paloaltonetworks.com" starts immediately "ping www.skype.com" takes ~12 seconds to start I guess that GP simply blocks the DNS requests for www.skype.com (wireshark didn't show these DNS requests via the GP tunnel), so the client has to wait for the DNS timeout until it asks the local DNS server. Is this the expected behavior? PAN-OS 9.1.7 GP 5.2.4 Windows 10
... View more