Palo Alto Networks Knowledgebase: GlobalProtect Gateway DNS Settings Ignored on IOS Devices

GlobalProtect Gateway DNS Settings Ignored on IOS Devices

Created On 08/05/19 20:24 PM - Last Updated 08/05/19 20:36 PM
Mobile Network Infrastructure


A primary and secondary DNS server is configured on the GlobalProtect gateway. However, IOS devices running the Palo Alto Networks GlobalProtect client do not seem to be using the DNS servers for name resolution when connected to the gateway.


This is a known limitation with IOS devices when using split tunneling. There are two workarounds for this issue:

  • Disable split tunneling by setting the access route to in the Global Protect Gateway settings
  • The other option is to configure a DNS suffix for the zones that should be resolve by the DNS servers configured in GlobalProtect Portal. This will force the IOS device to use the GlobalProtect issued DNS server for the zones\domains defined in the suffix. All other queries will use the locally configured DNS settings.

owner: jteetsel

  • Print
  • Copy Link

Choose Language