How to configure DNS settings on GP gateway for Global Protect UWP clients
Created On 12/10/21 18:57 PM - Last Modified 04/22/24 21:55 PM
Objective
- This article explains how to configure DNS settings on the Global Protect gateway for Global Protect UWP clients.
- The Global Protect UWP client resolves only hostnames whose domains are configured as DNS suffixes under DNS settings on the Global Protect gateway.
- Attempts to resolve names that are not in the DNS suffix list fail. To fix this, remove any configured suffixes and leave the list empty.
Environment
- Global Protect Gateway
- Global Protect Agent
- Universal Windows Platform (UWP) Client
Procedure
- Log in to the GP gateway and navigate in the GUI to: Network > Gateways > Select Gateway > Agent > Client settings > Click on config for UWP client > Network services.
- Check the DNS suffix tab to see whether any domains are configured.
- Run "Get-DNSClientNrptPolicy" in "cmd" prompt on the user machine to verify whether the DNS servers configured on the gateway are pushed properly to the client machine.
- To restrict users on the UWP client to internal sites only, configure the internal domains as DNS suffixes. For example, with paloaltonetworks.com as the DNS suffix, users can still reach hosts such as support.paloaltonetworks.com.
- To let users access all sites, both internal and external, leave this section empty. This behavior is by design and is a limitation of UWP clients.
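The verification step above can be taken one step further by checking which pushed rule, if any, covers a given hostname. The following PowerShell is an added example, not part of the original article or of Palo Alto Networks tooling; Get-DnsClientNrptPolicy is a PowerShell cmdlet, so run it from a PowerShell prompt. It assumes the gateway's DNS suffixes appear on the client as NRPT namespaces (a leading dot marks a suffix rule); the function name Find-NrptRule and the sample rule with its server address are constructed for illustration.

```powershell
# Added example: report which NRPT rule (if any) covers a hostname.
# On a client, feed it the live policy instead of the constructed sample:
#   Get-DnsClientNrptPolicy | Find-NrptRule -HostName 'support.paloaltonetworks.com'
function Find-NrptRule {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [Parameter(Mandatory, ValueFromPipeline)] [object[]] $Rule
    )
    begin {
        $name = $HostName.TrimEnd('.').ToLowerInvariant()
        $best = $null; $bestNs = $null; $bestLen = -1
    }
    process {
        foreach ($r in $Rule) {
            foreach ($ns in $r.Namespace) {
                $n = $ns.ToLowerInvariant()
                # '.' alone matches any name; '.domain' is a suffix rule;
                # a namespace without a leading dot is an exact FQDN rule.
                $hit = if ($n -eq '.') { $true }
                       elseif ($n.StartsWith('.')) { $name.EndsWith($n, [StringComparison]::Ordinal) }
                       else { $name -eq $n }
                # Keep the most specific (longest) matching namespace.
                if ($hit -and $n.Length -gt $bestLen) {
                    $best = $r; $bestNs = $ns; $bestLen = $n.Length
                }
            }
        }
    }
    end {
        [pscustomobject]@{
            HostName    = $HostName
            Covered     = [bool]$best
            Namespace   = $bestNs
            NameServers = if ($best) { $best.NameServers -join ', ' } else { $null }
        }
    }
}

# Constructed sample: one suffix pushed by the gateway, one DNS server.
$sampleRules = @(
    [pscustomobject]@{ Namespace = @('.paloaltonetworks.com'); NameServers = @('10.0.0.53') }
)

# The first name falls under the suffix; the second does not.
$results = foreach ($h in 'support.paloaltonetworks.com', 'www.example.org') {
    $sampleRules | Find-NrptRule -HostName $h
}
$results | Format-Table -AutoSize
```

A hostname reported with Covered = False has no matching suffix rule, which corresponds to the resolution failures the article describes for names outside the DNS suffix list.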