About rajjair

To stop the client certificate pop-up you need to make sure the VPN  url is either in your local intranet zone or in your trusted sites with IE Options configured "don't prompt  for  client certificate  selection when no certificates or only one certificate exists " which needs to be set to enable    For Chrome and Edge the policy AutoSelectCertificateForUrls   Microsoft Edge Browser Policy Documentation | Microsoft Docs   Chrome Enterprise Policy List & Management  |  Documentation (google.com) ... View more

Is there log file or way to validate the application process id is being split tunnel by gp client ... View more

I have experienced a lot issue with GP client and install issue when doing upgrades. I moved to script based install where we trigger an uninstall of the client. Clean the folder and regkey and the perform a fresh install.     ... View more

Hey All   If the application process is located in the user profile directory and would like the ability to use that application for exclude and include then please have your SE vote for this feature request  FR#11579   Currently GP client does not support the ability to white-list process id located in the user profile directory. Example application is Microsoft teams   Thanks RJ ... View more

Hi MickBall   That is what I had and observed also, in the palo traffic logs i could see ms-teams app coming for VPN users. Before I found this forum I had also opened a ticket with support on this issue as wanted a way to confirm traffic for sure is being split or not. What they informed me applications sitting in user context is not supported at this time. I would prefer to use Process ID then IPs as IPs can change and keep config up to date without any automation and checking for changes     ---- Here is what the TAC mentioned to me ---- " The full path of the application to be included from the tunnel is currently only resolvable in PanGPS context for windows it is system service context. While for Mac, it is root context in prelogon and user context after user logon. Currently you have the following path %USERPROFILE%\AppData\Local\Microsoft\Teams\current\Teams.exe In order for PanGPS to resolve the path you will need to shift the path to a system service context as opposed to a user context as shown in the example below, "%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe" Other customer requested us to improve this path issue and submitted it as a feature request. But it has not been implemented yet. So we suggest to avoid this issue by routing. Add routes to exclude from the VPN tunnel. These routes are sent through the physical adapter on endpoints rather than through the virtual adapter (the tunnel).   " ... View more

Thanks for that.. I am curious have you tried doing split tunnel based on process name   exclude-applications [ "%PROGRAMFILES(X86)%\VMware\VMware Horizon View Client\vmware-view.exe" "%PROGRAMFILES(X86)%\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe" "%PROGRAMFILES%\Microsoft Office\root\Office16\OUTLOOK.EXE" %LOCALAPPDATA%\Microsoft\Teams\current\Teams.exe];   Raj ... View more

Hi Goran   Are you able to share you configuration.. we are trying to split the o365 traffic want to ensure we are configuring it correctly. Teams traffic for us is still going through the tunnel..    Did you do any split tunnel using process or all domains   RJ ... View more