Limitation of GlobalProtect Include/Exclude Client Application Process Name

Created On 05/15/20 23:21 PM - Last Modified 09/23/20 02:01 AM

  • Starting with GlobalProtect App version 4.1, with a firewall running PAN-OS 8.1 as the GlobalProtect Gateway, users can configure GlobalProtect Split Tunnel based on the client process that originates the traffic.
  • In some cases, an application on the endpoint dynamically creates separate sub-directories containing child application files, and the network connection originates from the application within those sub-directories.
  • An example of one such application is GoToMeeting. Tracing the application that opens the network connection, we could find a folder path like:
Because the sub-directories and corresponding application files are created and removed dynamically, customers would want to use a wildcard in the application process names when configuring Split Tunnel, for example:

Such a folder path format, when configured, will not work.

  • GlobalProtect Gateway hosted on a firewall running PAN-OS 8.1 or above
  • GlobalProtect App 4.1 and above
  • Split Tunnel Settings

Wildcards are currently not supported in the process name or folder path.

  • Do not use a wildcard in the application process name setting, because it is currently not supported.
  • At this time, no other solution or workaround is available.
  • If GlobalProtect needs to support this feature for your deployment, submit a feature request through your designated Systems Engineer or account team.
