Unable to connect to Prisma Access in Proxy only mode when Cisco Anyconnect is connected

Unable to connect to Prisma Access in Proxy only mode when Cisco Anyconnect is connected

208
Created On 04/21/25 00:27 AM - Last Modified 10/17/25 02:27 AM


Symptom


  • GlobalProtect App on macOS disconnects frequently when Cisco AnyConnect VPN was enabled.
  • The issue is not seen on Windows devices with Cisco AnyConnect.
  • The GlobalProtect App is configured in Proxy mode.

Environment


  • GlobalProtect: App on macOS
  • Proxy mode
  • Cisco AnyConnect
  • Explicit Proxy

Cause


macOS failed to r redirect the DNS requests passing through the AnyConnect UTUN interface.

Resolution


The workaround for this is to set IP only based rule in forward profile for the Explicit Proxy configuration.

 

Additional Information


  • Check the following CLI output for both anyconnect connected and anyconnect disconnected.

netstat -rn
traceroute <Proxy Domain>
curl -vvI "https://Proxy URL"

  • You will fine that anyconnect does not exclude connection to proxy server when connected.
  • From the curl command, when anyconnect is connected, the SSL connection is blocked.

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000TN5bKAG&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail