root cause: we are running into this issue quite long. Root cause:The NLA/NCSI is confused and incorrectly assumes there is no active internet connection because the VPN adapter does not have an explicit default gateway IP defined. Workaround we tried still testing though 1-Change the NLA under services to automatic delayed start ( so it takes some secs to start rather than automatic) 2->As Both of these rely on there being a default gateway specified for the current active Internet connection for them to successfully report the connection is up, I added default gateway “192.168.0.1" on my wifi network.( and added NLA and NLC ip are added to Allow traffic to specified hosts/networks when Enforce GlobalProtect Connection for Network Access is enabled and GlobalProtect Connection is not established ) 3->if you hv pre-logon you would need to allow NLSA on pre-logon policy as well. Type of Request that NCSI Sends msftconnecttest.com dns.msftncsi.com
... View more
Any way we can achieve this by creating custom signature that allows only valid http requests to URLs and not to IP addresses? As currently Blocked domain or URL not HTTPS or protected by cloud-fare can easily get passed URL filtering block Understanding that IP is not a url filtering problem, so looking for ways to prevent that.
... View more