Commit fails when configuring IP-Range for Access Route Exclude Traffic on Global Protect for split tunnel.

Commit fails when configuring IP-Range for Access Route Exclude Traffic on Global Protect for split tunnel.

1927
Created On 07/21/23 08:15 AM - Last Modified 04/25/24 21:42 PM


Symptom


  • Commit fails when configuring Access Route Exclude Traffic with IP-Range in the split tunnel for Global Protect.
  • Validation process passes but push to the instance Fails.
rtaImage (1).jpg
 

Environment


  • Cloud-Managed Prisma Access
  • Split Tunnel configuration
  • GlobalProtect

Cause


IP-Range configuration is not supported for Access Route Exclude Traffic in Split Tunneling for Global Protect.

Resolution


  1. Configure the Addresses type as "IP Netmask" using the slash notation ( ip_address/mask)
  2. Just a single ip such as 192.168.80.50 or using "/" such as 192.168.80.0/24 can be used
  3. One can also use IPv6 address or an IPv6 address with its prefix (Ex. 2001:db8:123:1::1 or 2001:db8:123:1::/64)
rtaImage.jpg
 

Additional Information


Refer to the Configure a Split Tunnel Based on the Access Route for detailed configuration steps.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000bqW4CAI&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail