Enforce GlobalProtect Exclusions

Software Support: Starting with GlobalProtect™ app 5.1 with Content Release version 8196-5685
OS Support: Windows and macOS
You can now configure exclusions for specific local IP addresses or network segments when you enforce GlobalProtect for network access. By configuring exclusions, you can improve the user experience by allowing users to access local resources when GlobalProtect is disconnected. For example, when GlobalProtect is not connected, GlobalProtect can allow access to link-local addresses. This allows a user to access a local network segment or broadcast domain.
  1. On the firewall configured to act as the GlobalProtect portal, select the relevant app configuration.
    Select Network > GlobalProtect > Portals > <portal-config> > Agent > <agent-config> > App.
  2. Specify up to ten IP addresses or network segments for which you want to allow access when GlobalProtect cannot establish a connection.
    The IP addresses you provide for "Allow traffic to specified hosts/networks when Enforce GlobalProtect Connection for Network Access is enabled and GlobalProtect Connection is not established" are used only when "Enforce GlobalProtect Connection for Network Access" is Yes. Use commas to separate multiple addresses or segments.
  3. Click OK twice.
  4. Commit the configuration.
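
Before entering the list in step 2, it can be reviewed offline. The following is an added example, not Palo Alto Networks code: it checks a comma-separated exclusion string against the ten-entry limit stated above and flags entries that would open more of the network than a local segment. It assumes segments are written in CIDR notation; the function name and the prefix-length thresholds are hypothetical review choices, not GlobalProtect rules.

```python
import ipaddress

MAX_ENTRIES = 10     # limit stated in step 2
MIN_PREFIX_V4 = 16   # assumed review threshold, not a GlobalProtect rule
MIN_PREFIX_V6 = 48   # assumed review threshold, not a GlobalProtect rule


def review_exclusions(value):
    """Return (networks, findings) for a comma-separated exclusion string."""
    networks, findings = [], []
    entries = [e.strip() for e in value.split(",") if e.strip()]
    if len(entries) > MAX_ENTRIES:
        findings.append(f"{len(entries)} entries; the limit is {MAX_ENTRIES}")
    for entry in entries:
        try:
            # strict=True rejects a host address combined with a prefix,
            # e.g. 192.168.1.5/24, which is usually a typing mistake.
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            findings.append(f"{entry}: not a valid address or segment ({exc})")
            continue
        floor = MIN_PREFIX_V4 if net.version == 4 else MIN_PREFIX_V6
        if net.prefixlen < floor:
            findings.append(
                f"{entry}: /{net.prefixlen} is broad; traffic to "
                f"{net.num_addresses} addresses would bypass enforcement")
        elif not (net.is_private or net.is_link_local):
            findings.append(
                f"{entry}: not a private or link-local range; "
                "confirm it is a local resource")
        for other in networks:
            if net.version == other.version and net.overlaps(other):
                findings.append(f"{entry}: overlaps {other}; one is redundant")
        networks.append(net)
    return networks, findings


if __name__ == "__main__":
    # Constructed sample value, not taken from any real deployment.
    sample = "169.254.0.0/16, 192.168.1.0/24, 10.0.0.0/8, 192.168.1.5/24"
    for finding in review_exclusions(sample)[1]:
        print(finding)
```
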
