How to force Zoom traffic NOT to go through the GlobalProtect VPN tunnel using Split Tunnel

Created On 07/09/20 15:35 PM - Last Modified 07/28/20 20:13 PM


Objective


  • To avoid consuming Palo Alto Networks resources with the volume of Zoom application traffic, Split Tunnel in GlobalProtect is useful.
  • Entering the domains *zoom.us and/or *zoom.com using Exclude Domain under Split Domain in the GlobalProtect configuration may not be enough, and Zoom application traffic may still go through the GlobalProtect VPN tunnel.
  • The reason is that Palo Alto Networks does not know all the domains used by Zoom, and as the demand for Zoom increases, the URLs will keep changing.
  • Other options are needed to force the Zoom application not to go through the GlobalProtect VPN tunnel.


Environment


  • PAN-OS 8.1.11
  • PA-3020
  • GlobalProtect agent 5.0.8


Procedure


  • There are two options for resolution:
OPTION 1
  1. Go to Network => GlobalProtect => Gateway => Gateway <name> => Agent => Client Settings => <Config Name> => Split Domain => Access Route => Exclude
  2. Enter the list from the following link: Zoom IP address list
  3. Commit
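
For Option 1, every route placed under Exclude leaves the tunnel and is no longer inspected by the firewall, so the published list is worth checking before it is pasted in. The Python sketch below is an added example, not part of the original article or a Palo Alto Networks tool: it normalizes entries, merges adjacent ranges, and sets aside anything that is not an IPv4 range, overlaps RFC 1918 space, or is broader than an assumed /16 threshold. The function name, the threshold and the sample addresses are constructed for illustration.

```python
import ipaddress

# Assumption for this example: prefixes shorter than /16 need manual review.
MIN_PREFIXLEN = 16
# RFC 1918 ranges: excluding these would pull internal traffic out of the tunnel.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def prepare_exclude_routes(lines):
    """Return (routes, rejected) for raw lines of an IP range list.

    routes   -- merged, sorted IPv4 CIDR strings for the Exclude list
    rejected -- (entry, reason) pairs that need manual review
    """
    nets, rejected = [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "not an IP address or CIDR"))
            continue
        if net.version != 4:
            rejected.append((entry, "IPv6 entry, review separately"))
        elif any(net.overlaps(i) for i in INTERNAL):
            rejected.append((entry, "overlaps internal address space"))
        elif net.prefixlen < MIN_PREFIXLEN:
            rejected.append((entry, "broader than /%d" % MIN_PREFIXLEN))
        else:
            nets.append(net)
    # collapse_addresses merges adjacent and contained ranges
    routes = [str(n) for n in ipaddress.collapse_addresses(nets)]
    return routes, rejected

if __name__ == "__main__":
    # Constructed sample using documentation ranges, not Zoom's published list.
    sample = ["198.51.100.0/25", "198.51.100.128/25", "203.0.113.7",
              "10.0.0.0/8", "198.0.0.0/8", "zoom.us"]
    routes, rejected = prepare_exclude_routes(sample)
    print("Exclude:", *routes, sep="\n  ")
    for entry, reason in rejected:
        print("Review: %s (%s)" % (entry, reason))
```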

OPTION 2
  1. Go to Network => GlobalProtect => Gateway => Gateway <name> => Agent => Client Settings => <Config Name> => Split Domain => Domain and Application => Exclude Client Application Process Name
  2. Enter the application path where Zoom is located on the client.
  • Here is a list of paths you can use:
C:\Program Files (x86)\Zoom\bin\Zoom.exe
%USERPROFILE%\AppData\Roaming\Zoom\bin\Zoom.exe
%USERPROFILE%\AppData\Roaming\Zoom\*
%USERPROFILE%\AppData\Roaming\Zoom\bin\CptHost.exe
  3. Commit.

