: Starting with GlobalProtect™
app 5.1 with Content Release version 8196-5685
OS Support
:
Windows and macOS
You can now configure exclusions for specific
local IP addresses or network segments when you enforce GlobalProtect
for network access. By configuring exclusions, you can improve the
user experience by allowing users to access local resources when
GlobalProtect is disconnected. For example when GlobalProtect is
not connected, GlobalProtect can allow access to link-local addresses.
This allows a user to access to a local network segment or broadcast
domain.
On the firewall configured to act as the GlobalProtect portal,
select the relevant app configuration.
Select
Network
GlobalProtect
Portals
<portal-config>
Agent
<agent-config>
App
.
Specify up to ten comma-separated IP addresses or network segments
for which you want to allow access when GlobalProtect cannot establish
a connection.
The IP addresses you provide for
Allow traffic
to specified hosts/networks when Enforce GlobalProtect Connection
for Network Access is enabled and GlobalProtect Connection is not
established
are used only when
Enforce GlobalProtect
Connection for Network Access
is
Yes
.
Use commas to separate multiple addresses or segments and do not
add spaces between entries.