Global Protect users are unable to access certain URLs

Global Protect users are unable to access certain URLs

381
Created On 07/02/25 18:42 PM - Last Modified 10/21/25 20:48 PM


Symptom


  • DNS resolution works.
  • Traffic logs on Gateway do not show any information for this traffic.
  • No Session details in the Gateway because traffic does not reach the Gateway.
  • Traceroute on the user's machine shows that the traffic is sent via a different interface. 

Environment


  • Global Protect
  • Prisma Access
  • MAC/Windows

Cause


  • Static routes are configured on the user's machine because of which the traffic to these destinations are routed via different interface (for example : en0) but not through the Global Protect virtual adapter (for example : utun4).
    • This can be verified by looking into the GP logs > RoutePrint.txt.
    • The Global Protect Interface can be found in the ifconfig.txt file in the GP logs.

Resolution


Remove the static routes from the user's machine so that the traffic can be routed via the Global Protect Interface. 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000k9vDKAQ&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail