Palo Alto Networks Knowledgebase: GlobalProtect Gateway DNS Settings Ignored on iOS Devices

Created On 08/05/19 20:24 PM - Last Updated 08/05/19 20:36 PM
Mobile Network Infrastructure

Issue

A primary and a secondary DNS server are configured on the GlobalProtect gateway. However, iOS devices running the Palo Alto Networks GlobalProtect client do not seem to use those DNS servers for name resolution when connected to the gateway.

Resolution

This is a known limitation of iOS devices when split tunneling is used. There are two workarounds for this issue:

  • Disable split tunneling by setting the access route to 0.0.0.0/0 in the GlobalProtect Gateway settings.
  • The other option is to configure a DNS suffix for the zones that should be resolved by the DNS servers configured in the GlobalProtect Portal. This forces the iOS device to use the GlobalProtect-issued DNS server for the zones/domains defined in the suffix. All other queries will use the locally configured DNS settings.
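
With the second workaround, any internal name that falls outside the suffix list is still sent to the device's local DNS server. The following added example (not from the original article or from Palo Alto Networks) audits a list of internal hostnames against a suffix list; the hostnames and suffixes are constructed placeholders, and matching on a DNS label boundary, case-insensitively, is an assumption of this sketch.

```python
# Added example: models the resolver choice described in the article.
# Assumption: a suffix matches a name on a DNS label boundary, ignoring case.

def _norm(name):
    """Lower-case and strip dots so 'Corp.Example.' equals 'corp.example'."""
    return name.strip().strip(".").lower()

def uses_gateway_dns(hostname, dns_suffixes, split_tunnel=True):
    """Return True if the query would go to the GlobalProtect-issued DNS server."""
    if not split_tunnel:
        # First workaround in the article: access route 0.0.0.0/0.
        return True
    host = _norm(hostname)
    for suffix in map(_norm, dns_suffixes):
        # Exact zone match, or a subdomain ending in ".<suffix>".
        if suffix and (host == suffix or host.endswith("." + suffix)):
            return True
    return False

def audit(hostnames, dns_suffixes, split_tunnel=True):
    """Split hostnames into those sent to gateway DNS and those left to local DNS."""
    report = {"gateway": [], "local": []}
    for name in hostnames:
        via_gateway = uses_gateway_dns(name, dns_suffixes, split_tunnel)
        report["gateway" if via_gateway else "local"].append(name)
    return report

# Constructed sample data (placeholder names, not from the article).
SUFFIXES = ["corp.example.com", "lab.example.net."]
INTERNAL_HOSTS = [
    "wiki.corp.example.com",
    "CORP.EXAMPLE.COM",
    "build01.lab.example.net",
    "notcorp.example.com",   # shares trailing characters, but is a different zone
    "hr.example.org",        # internal zone missing from the suffix list
]

if __name__ == "__main__":
    for name in audit(INTERNAL_HOSTS, SUFFIXES)["local"]:
        print("resolved by local DNS, not the gateway:", name)
```
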

owner: jteetsel


