DNS configured in GP settings: Primary DNS 10.250.1.1, secondary DNS 10.250.1.2 Access route: split tunnel- 10.250.0.0/16 allowed in GP. Once clients are connected to globalprotect, they are getting the above DNS settings. so the traffic going to internet also resolving in above Internal DNS server. Now i have the requirement for GP users, when traffic going to internet, it should resolve using public DNS say 8.8.8.8 or 4.2.2.2 and the traffic going to 10.250.0.0/16 to GP tunnel should resolve to DNS 10.250.1.1, secondary DNS 10.250.1.2. I have configured as per below KB for fulfil the above requirement. its working fine, some of the users complain about internal DNS server issue for GP connected internal sites sometimes. However internet traffic resolution working fine. so we have removed this config https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-DNS-Proxy-for-GlobalProtect-Clients/ta-p/124541 Kindly suggest if there is any workaround for this requirement
... View more