Configure Split Tunneling for Privileged Remote Access Traffic

For users trying to access Privileged Remote Access from managed devices, configure split tunneling for the PRA domain to help improve performance.
Where Can I Use This?
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
What Do I Need?
  • Prisma Access 5.2.1
  • Minimum Prisma Access dataplane version: 11.2.4
  • Prisma Access license with a Mobile User subscription
  • Privileged Remote Access add-on license
Privileged Remote Access (PRA) users will typically access the PRA portal from unmanaged devices where the GlobalProtect agent isn't installed. In use cases where your users access PRA from managed devices, it's recommended to configure split tunneling for the PRA domain to help improve performance.
You can configure split tunnel settings according to the Prisma Access management interface you're using.

Configure Split Tunneling for Privileged Remote Access Traffic (Strata Cloud Manager)

For managed devices, you can configure split tunneling for Privileged Remote Access traffic on Strata Cloud Manager to help improve PRA performance.
In use cases where PRA is being accessed from managed devices that have GlobalProtect installed, configure split tunneling for the PRA domain to help improve performance.
  1. From Strata Cloud Manager, go to Workflows > Prisma Access Setup > Access Agent > GlobalProtect App.
  2. In the Tunnel Settings section, select Default.
  3. Configure split tunnel settings to exclude traffic based on the destination domain.
    1. In the Exclude Traffic section, click Add Domain.
    2. Enter the Domain you're using for PRA. This can be the default PRA domain (*.panwpra.com) or your custom PRA domain.
    3. Save your domain.
  4. Save your tunnel settings and Push Config.

Configure Split Tunneling for Privileged Remote Access Traffic (Panorama)

For managed devices, you can configure split tunneling for Privileged Remote Access traffic on Panorama to help improve PRA performance.
In use cases where your users access PRA from managed devices that have GlobalProtect installed, configure split tunneling for the PRA domain to help improve performance.
  1. In the Cloud Services plugin, select Network > GlobalProtect > Gateways > <GlobalProtect_External_Gateway>.
  2. Configure split tunnel settings for PRA based on the destination domain. These settings are assigned to the virtual network adapter on the endpoint when the tunnel is established with the gateway.
    1. In the GlobalProtect Gateway Configuration dialog, select Agent > Client Settings > Default.
    2. In the Configs dialog, select Split Tunnel > Domain and Application > Exclude Domain.
    3. Add the PRA domain that you want to exclude from the tunnel using the destination domain. This can be the default PRA domain (*.panwpra.com) or your custom PRA domain.
    4. Click OK to save the split tunnel settings and Commit your changes.