Enforce GlobalProtect Connections with FQDN Exclusions

Software Support: Starting with GlobalProtect™ app 5.2 with Content Release version 8284-6139 or later.
OS Support: Windows and macOS running macOS Catalina 10.15.4 or later
You can now configure exclusions for specific fully qualified domain names (FQDNs) when the Enforce GlobalProtect for Network Access feature is enabled. With the Allow traffic to specified FQDN when Enforce GlobalProtect Connection is not established option, available as an app setting in the App Configurations area of your GlobalProtect portal, you can specify up to twenty fully qualified domain names that remain reachable when you enforce GlobalProtect connections for network access and GlobalProtect cannot establish a connection. By configuring FQDN exclusions, you can improve the user experience by allowing end users to access specific resources when GlobalProtect is disconnected. For example, the endpoint can communicate with a cloud-hosted identity provider (IdP) for authentication purposes or a remote device management server even when the Enforce GlobalProtect for Network Access feature is enabled.
  1. Configure exclusions for specific fully qualified domain names or IP addresses.
    1. Select Network > GlobalProtect > Portals > <portal-config> > Agent > <agent-config> > App > Allow traffic to specified FQDN when Enforce GlobalProtect Connection for Network Access is enabled and GlobalProtect Connection is not established.
    2. Specify up to 20 fully qualified domain names for which you want to allow access when you enforce GlobalProtect connections for network access.
      The fully qualified domain names that you provide are used only when Enforce GlobalProtect Connection for Network Access is set to Yes. Use commas to separate multiple fully qualified domain names (for example, google.com, gmail.com). Use the wildcard character (*) for domain names (for example, *.gmail.com). The maximum length is 1,024 characters.
  2. Click OK twice.
  3. Commit the configuration.
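
A check that can be run on the exclusion string from step 1 before it is committed, added here as an example and not Palo Alto Networks code. It applies the limits stated above (20 entries, 1,024 characters, comma separators) and assumes the wildcard is valid only as the whole leftmost label, as in *.gmail.com; the function name lint_fqdn_exclusions and the example.com hosts are constructed for illustration.

```python
import re

MAX_ENTRIES = 20    # limit stated on this page
MAX_LENGTH = 1024   # limit stated on this page; assumed to count the raw string

# One DNS label: 1-63 letters, digits or hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def lint_fqdn_exclusions(value):
    """Return a list of problems in a comma-separated FQDN exclusion string."""
    problems = []
    if len(value) > MAX_LENGTH:
        problems.append(f"value is {len(value)} characters; maximum is {MAX_LENGTH}")
    entries = [e.strip() for e in value.split(",")]
    if len(entries) > MAX_ENTRIES:
        problems.append(f"{len(entries)} entries; maximum is {MAX_ENTRIES}")
    seen = set()
    for entry in entries:
        if not entry:
            problems.append("empty entry (stray comma)")
            continue
        key = entry.lower()
        if key in seen:
            problems.append(f"{entry}: duplicate entry")
            continue
        seen.add(key)
        labels = key.split(".")
        # Assumption: '*' is valid only as the whole leftmost label (*.gmail.com).
        host = labels[1:] if labels[0] == "*" else labels
        if any("*" in label for label in host):
            problems.append(f"{entry}: wildcard must be the whole leftmost label")
        elif len(host) < 2 or not all(_LABEL.fullmatch(l) for l in host):
            problems.append(f"{entry}: not a valid fully qualified domain name")
    return problems


if __name__ == "__main__":
    # Constructed sample input, not taken from a real portal configuration.
    sample = "idp.example.com, *.mdm.example.com, mail.*.example.com, *.com"
    for problem in lint_fqdn_exclusions(sample) or ["no problems found"]:
        print(problem)
```

An entry such as *.com is reported as invalid because nothing but a top-level domain follows the wildcard, which catches an exclusion that would leave most of the internet reachable while GlobalProtect is disconnected.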
