How to force Zoom traffic NOT to go through the GlobalProtect VPN tunnel using Split Tunnel
Created On 07/09/20 15:35 PM - Last Modified 07/28/20 20:13 PM
Objective
- To avoid consuming Palo Alto Networks firewall resources because of the volume of Zoom application traffic, Split Tunnel in GlobalProtect is useful.
- Entering the domains *zoom.us and/or *zoom.com using Exclude Domain under Split Domain in the GlobalProtect configuration may not be enough, and Zoom application traffic may still go through the GlobalProtect VPN tunnel.
- The reason is that Palo Alto Networks does not know all the domains used by Zoom, and as the demand for Zoom increases, the URLs will keep changing.
- Other options are needed to force Zoom application traffic not to go through the GlobalProtect VPN tunnel.
Environment
- PAN-OS 8.1.11
- PA-3020
- GlobalProtect agent 5.0.8
Procedure
- There are two options for resolution.
OPTION 1
- Go to Network => GlobalProtect => Gateway => Gateway <name> => Agent => ClientSettings => <Config Name> => Split Domain => Access Route => Exclude
- Enter the list from the following link: Zoom IP address list
- Commit
OPTION 2
- Go to Network => GlobalProtect => Gateway => Gateway <name> => Agent => ClientSettings => <Config Name> => Split Domain => Domain and Application => Exclude client Application Process Name
- Enter the path where the Zoom application is located on the client.
- Here is a list of paths you can use:
C:\Program Files (x86)\Zoom\bin\Zoom.exe
%USERPROFILE%\AppData\Roaming\Zoom\bin\Zoom.exe
%USERPROFILE%\AppData\Roaming\Zoom\*
%USERPROFILE%\AppData\Roaming\Zoom\bin\CptHost.exe
- Commit.
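Before entering paths for Option 2, it helps to confirm on a representative Windows client which of the listed paths actually exist and whether each binary carries a valid Authenticode signature, since two of the locations sit under the user's own profile. The PowerShell below is an added example, not part of the original article; the function name Get-ZoomExcludeCandidate is hypothetical.

```powershell
# Candidate paths copied from the list above (the wildcard entry is expanded below).
$candidates = @(
    'C:\Program Files (x86)\Zoom\bin\Zoom.exe',
    '%USERPROFILE%\AppData\Roaming\Zoom\bin\Zoom.exe',
    '%USERPROFILE%\AppData\Roaming\Zoom\*',
    '%USERPROFILE%\AppData\Roaming\Zoom\bin\CptHost.exe'
)

# Hypothetical helper: reports, per list entry, which executables exist and how they are signed.
function Get-ZoomExcludeCandidate {
    param([string[]]$Path)

    foreach ($raw in $Path) {
        # Expand %USERPROFILE% for the currently logged-on user.
        $expanded = [Environment]::ExpandEnvironmentVariables($raw)

        # -Path (not -LiteralPath) so the trailing \* entry is globbed; keep .exe files only.
        $files = Get-Item -Path $expanded -ErrorAction SilentlyContinue |
                 Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.exe' }

        if (-not $files) {
            # Nothing installed at this entry on this client.
            [pscustomobject]@{ Entry = $raw; File = $null; Present = $false
                               SignatureStatus = $null; Signer = $null }
            continue
        }

        foreach ($f in $files) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $f.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            [pscustomobject]@{
                Entry           = $raw
                File            = $f.FullName
                Present         = $true
                SignatureStatus = $sig.Status   # 'Valid' means the signature verified
                Signer          = $signer       # certificate subject, for review by the admin
            }
        }
    }
}

Get-ZoomExcludeCandidate -Path $candidates | Format-Table -AutoSize -Wrap
```

Entries with Present = False do not apply to that client, and any file whose SignatureStatus is not Valid deserves a closer look before its path is excluded from the tunnel.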