GlobalProtect Gateway DNS Settings Ignored on iOS Devices
Primary and secondary DNS servers are configured on the GlobalProtect gateway. However, iOS devices running the Palo Alto Networks GlobalProtect client do not seem to use those DNS servers for name resolution when connected to the gateway.
This is a known limitation of iOS devices when split tunneling is used. There are two workarounds for this issue:
- Disable split tunneling by setting the access route to 0.0.0.0/0 in the GlobalProtect Gateway settings.
- Alternatively, configure a DNS suffix for the zones that should be resolved by the DNS servers configured in GlobalProtect Portal. This forces the iOS device to use the GlobalProtect-issued DNS server for the zones/domains defined in the suffix. All other queries will use the locally configured DNS settings.