Configure Split DNS for GlobalProtect App on Windows and macOS Endpoints

1. Before you begin:

   1. Launch the Web Interface.
   2. Configure a GlobalProtect gateway
   3. To modify an existing gateway or add a new one:

      • On Panorama, select NetworkGlobalProtectGateways<gateway-config>.
      • On Strata Cloud Manager (Prisma Access), ConfigurationNGFW and Prisma AccessConfiguration ScopePrisma AccessGlobalProtectSetupGlobalProtect AppTunnel Settings.
      • On Strata Cloud Manager (NGFW), ConfigurationNGFW and Prisma AccessConfiguration ScopeAll FirewallsDeviceGlobalProtectPortals and GatewaysGateways.
   4. Configure a split tunnel based on the domain.
2. Enable network traffic or both network traffic and DNS.

   You can enable split DNS to allow users to direct their DNS queries for applications and resources over the VPN tunnel or outside the VPN tunnel in addition to network traffic.

   1. Select NetworkGlobalProtectPortals<portal-config> Agent<agent-config> AppSplit Tunnel Option.

   • On Strata Cloud Manager (NGFW), ConfigurationNGFW and Prisma AccessDeviceGlobalProtectPortals and GatewaysAgent SettingsAgent Tunnel Settings and thenAdd Agent Tunnel SettingsSplit Tunneling.

   1. Select Network Traffic Only to include and exclude rules that are applied only to network application traffic and not to DNS traffic. All DNS traffic goes through the VPN tunnel irrespective of the split tunnel based on the destination domain that you specified for inclusions and exclusions. When you select Both Network Traffic and DNS the split tunnel based on the destination domain that you specified for inclusions and exclusions are applied to the DNS traffic and the associated network application traffic for that domain.

3. Click OK twice.
4. Commit the configuration.