Why is UDP/137 traffic via the GlobalProtect VPN adapter observed with a split tunnel configuration based on the access route?

Why is UDP/137 traffic via the GlobalProtect VPN adapter observed with a split tunnel configuration based on the access route?

373
Created On 04/11/25 00:35 AM - Last Modified 10/29/25 21:52 PM


Question


Why is UDP/137 traffic via the GlobalProtect VPN adapter observed with a split tunnel configuration based on the access route?

Environment


  • GlobalProtect (GP)
  • Prisma Access Mobile Users
  • Autonomous DEM agent

Answer


  1. When Autonomous DEM Agent is installed alongside GlobalProtect, the Autonomous DEM (ADEM) agent sends its network traffic using UDP port 137.
  2. The ADEM agent is designed to send this traffic through the VPN adapter.
  3. GlobalProtect does not block traffic that is directed to the VPN adapter.
  4. This behavior is intentional. GlobalProtect's split tunnel configuration correctly sets the system routing as designed, allowing the ADEM agent's traffic (UDP/137) to pass through the VPN adapter without being blocked.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000TN2rKAG&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail