Limitation of GlobalProtect Include/Exclude Client Application Process Name

Created On 05/15/20 23:21 PM - Last Modified 05/20/22 20:12 PM

  • Starting with GlobalProtect App version 4.1, with a firewall running PAN-OS 8.1 as the GlobalProtect Gateway, users can configure GlobalProtect Split Tunnel based on traffic originating from the client process.
  • In some cases, an application at the endpoint dynamically creates separate sub-directories containing child application files, and the network connection originates from the application within those sub-directories.
  • An example of one such application is GoToMeeting. Tracing the application that opens the network connection, we could find a folder path like:
Because the sub-directories and the corresponding application files are created and removed dynamically, a customer may want to use a wildcard in the application process name when configuring Split Tunnel, for example:

Such a folder path format will not work when configured.

  • GlobalProtect Gateway hosted on a firewall.
  • Supported PAN-OS versions.
  • GlobalProtect App 4.1, 5.0, 5.1, 5.2 and 6.0.
  • Split Tunnel Settings

Wildcards are currently not supported in the process name or folder path.

  • Do not use a wildcard in the application process name setting because it is currently not supported.
  • At this time, no other solution or workaround is available.
  • If this feature needs to be supported in GlobalProtect, submit a feature request with your designated Systems Engineer or account team.
