Can we use ping to test domain split tunneling in Globalprotect?
Created On 01/29/20 00:27 AM - Last Modified 03/28/23 16:19 PM
Can we use ping to test domain-based split tunneling in GlobalProtect?
- PAN-OS 8.1 and above.
- Palo Alto Firewall.
- Global Protect configured with domain-based split tunnel.
Ping can not be used to test domain-based split tunnel. The split tunnel DNS does not take effect on ICMP protocol and works only with http and https connections. Ping uses the ICMP protocol and so it does not work.
Refer to Optimized Split Tunneling for GlobalProtect for more information.