Split tunnel does not work on MacOS even when GlobalProtect App receives the split-tunnel configuration correctly

• Split tunnel does not work correctly even when GlobalProtect receives the split-tunnel configuration.
• The configuration related to split tunnel can be confirmed in PanGPS.log.
• Here is a sample log in PanGPS.log.
• In this example, Only Zoom was a split-tunnel target.

gateway sample-gateway's config is 
        <response status="success">
                <need-tunnel>yes</need-tunnel>
                <ssl-tunnel-url>/ssl-tunnel-connect.sslvpn</ssl-tunnel-url>
                <portal>GP-Portal</portal>
                <user>GPUser01</user>
                <lifetime>2592000</lifetime>
                <timeout>10800</timeout>
                <disconnect-on-idle>10800</disconnect-on-idle>
                <bw-c2s>1000</bw-c2s>
                <bw-s2c>1000</bw-s2c>
                <gw-address>X.X.X.X</gw-address>
                <ipv6-connection>no</ipv6-connection>
                <ip-address>X.X.X.X</ip-address>
                <netmask>255.255.255.255</netmask>
                <ip-address-preferred>yes</ip-address-preferred>
                <dns>
                        <member>8.8.8.8</member>
                </dns> 
                <wins>
                </wins> 
                <dns-suffix>
                </dns-suffix> 
                <default-gateway>X.X.X.X</default-gateway>
                <mtu>0</mtu>
                <no-direct-access-to-local-network>yes</no-direct-access-to-local-network>
                <access-routes>
                        <member>0.0.0.0/0</member>
                        <member>8.8.8.8/32</member>
                </access-routes> 
                <exclude-access-routes>
                </exclude-access-routes> 
                <exclude-split-tunneling-application>
                        <member>/Applications/zoom.us.app/Contents/MacOS/zoom.us</member>
                </exclude-split-tunneling-application> 
... 

• GlobalProtect App on Mac OS.
• Split Tunnel

• The required plugin is not enabled on Mac OS
• This can be seen in the PanGPA.log. This is displayed as below.

Info ( 552): system ext is not ready. enable it first

• Another way to confirm is to check systemextensionsctl.txt file which will show following. This file is also a part of debug logs collected on the client.

GlobalProtectExtension	[activated waiting for user]

1. Enable plugin on Mac OS as described in the macOS Install Guide, step 3 and 7 through 9
2. Once enabled, the Split tunnel should work fine.

Enable System and Network Extensions using jamf PRO