Linux GlobalProtect Client not Routing Traffic to Destination Location

Linux GlobalProtect Client not Routing Traffic to Destination Location

1267
Created On 04/17/25 15:48 PM - Last Modified 10/22/25 19:36 PM


Symptom


  • The Linux client did not route traffic to the GlobalProtect tunnel when trying to access IP addresses within its local network.
  • Subnet Mask of local interface overlaps the destination IP address.
  • Windows and MAC devices route traffic to the GlobalProtect Interface.

Environment


  • Linux GlobalProtect

Cause


The root cause is that the Linux GlobalProtect client, by default, prioritizes local routing and does not forward traffic to the GlobalProtect tunnel when the intended destination is found within the client's local subnet. This behavior is documented as expected by Palo Alto Networks engineering.

Resolution


1. Configure split tunneling for the Linux clients
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000XZIBKA4&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language