In which order are GlobalProtect Split Tunnel Rules applied?

Created On 09/30/22 15:07 PM - Last Modified 12/02/25 18:07 PM


Question


In which order are the GlobalProtect Split Tunnel Rules applied?



Environment


  • PAN-OS 9.1 and above.
  • GlobalProtect Gateway
  • Split Tunnel


Answer


The Split Tunnel Rules are applied for Windows and macOS endpoints in the following order:

  1. Applications are excluded.
  2. Applications are included.
  3. Domains are excluded.
  4. Domains are included.
  5. Network traffic is excluded or included based on access routes. 

    More specific access routes take precedence over more general ones. If the same access route appears in both the Include and Exclude lists, the Include list will take priority. This means the subnet will still be routed through the VPN adapter.
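The access-route precedence in step 5, modelled as an added example (not Palo Alto Networks code): longest-prefix match across the Include and Exclude lists, with Include winning when the identical route is in both. The function names, the sample routes and the `None` result for a destination that matches no access route are assumptions of this sketch; steps 1 to 4 (applications and domains) are not modelled.

```python
import ipaddress


def route_decision(dest, include_routes, exclude_routes):
    """Return 'tunnel', 'bypass', or None for one destination IP.

    Models step 5 only: the most specific matching access route wins,
    and Include beats Exclude when the same route is in both lists.
    """
    addr = ipaddress.ip_address(dest)
    best = None  # (prefix length, is_include) of the winning route so far
    for is_include, routes in ((True, include_routes), (False, exclude_routes)):
        for route in routes:
            net = ipaddress.ip_network(route, strict=False)
            if net.version != addr.version or addr not in net:
                continue
            candidate = (net.prefixlen, is_include)
            # Tuple comparison: longer prefix first, then Include (True)
            # over Exclude (False) on an identical prefix length.
            if best is None or candidate > best:
                best = candidate
    if best is None:
        return None  # assumption: no matching route is outside the article's scope
    return "tunnel" if best[1] else "bypass"


# Constructed sample configuration (private and documentation ranges).
INCLUDE = ["10.0.0.0/8", "192.168.50.0/24"]
EXCLUDE = ["10.20.0.0/16", "192.168.50.0/24"]


def audit(destinations, include_routes=INCLUDE, exclude_routes=EXCLUDE):
    """Map each destination to its verdict so unexpected bypasses stand out."""
    return {d: route_decision(d, include_routes, exclude_routes) for d in destinations}


if __name__ == "__main__":
    sample = ["10.1.2.3", "10.20.5.5", "192.168.50.7", "203.0.113.9"]
    for dest, verdict in audit(sample).items():
        print(f"{dest:15} -> {verdict}")
```

Running a planned Include/Exclude list through a check like this before pushing it to the gateway shows which subnets would leave the tunnel, and therefore bypass inspection, because a narrower Exclude route overrides a broader Include.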



Additional Information


Split Tunnel traffic on GlobalProtect Gateways

 


