Tunnel traffic does not go through a proxy when enforcement is enabled

Created On 03/30/22 00:51 AM - Last Modified 04/17/24 05:54 AM


Symptom


  • Direct connection to the Internet is blocked by the network design. All traffic, including GlobalProtect (GP) traffic, is supposed to go through the proxy in the network.
  • The app config 'Enforce GlobalProtect Connection for Network Access' is set to 'YES'.
  • The proxy IP address and the Mobile Users' URL are added to the exclusion list.
  • GlobalProtect traffic does not go through the proxy when 'Enforce GlobalProtect Connection for Network Access' is set to 'YES'.
  • Users fail to connect to GP because their internal firewall blocks this attempt.
  • When the enforcer is disabled, GP traffic goes through the proxy as configured.


Environment


  • Palo Alto Firewall.
  • Supported PAN-OS.
  • GlobalProtect (GP) traffic expected to pass through a configured proxy.
  • 'Enforce GlobalProtect Connection for Network Access' is set to 'YES'.


Cause


This is our current design. We ignore proxy settings when 'Enforce GlobalProtect Connection for Network Access' is set to 'YES'.
 


Resolution


Contact the Palo Alto Networks SE (Sales Engineer) team to submit a feature request. The change cannot be done as a bug fix.
 

