How to bypass Prisma Access DNS Proxy configurations for specific Mobile Users

Created On 10/28/21 20:34 PM - Last Modified 01/21/22 02:19 AM


Objective


To create specific DNS settings that bypass the default DNS proxy object for Mobile Users, for troubleshooting or other use cases.



Environment


  • Prisma Access Mobile Users


Procedure


To give a specific user or user group DNS settings that take precedence over the Prisma Access DNS proxy configuration, perform the following steps.

  1. Create a user-specific or user-group-specific gateway agent configuration in the following location:

[Mobile_User_Template] Network > GlobalProtect > Gateways > GlobalProtect_External_Gateway > Agent

  2. Select the Network Services tab to configure the DNS settings that are assigned to the virtual network adapter on the endpoint when the GlobalProtect app establishes a tunnel with the gateway.

Note: This DNS configuration takes precedence over the Prisma Access DNS configuration in the Onboarding section for Mobile Users.

  3. Create a security rule that allows traffic from the Mobile User subnet to the intended DNS server in [Mobile User Device Group] Policies > Security.
 


Additional Information


Prisma Access leverages DNS Proxy and offers multiple configurations in the Mobile User onboarding section, as discussed in the following document:

DNS Resolution for Mobile Users—GlobalProtect and Remote Network Deployment


