GlobalProtect
Split DNS
Table of Contents
Split DNS
Enable users to access applications or local resources
by specifying exclusions or inclusions and send DNS queries.
Software Support: Starting with GlobalProtect™
app 5.2 with Content Release version 8284-6139 or later.
OS
Support: Windows and macOS running macOS Catalina 10.15.4 or
later
You can now enable users to access applications or local
resources by specifying exclusions or inclusions and send DNS queries
to a local DNS server using the physical adapter on the endpoint.
With Split DNS, you can configure which domains are resolved by
the VPN assigned DNS servers and which domains are resolved by the
local DNS servers. With the Split-Tunnel Option that
is available as an app setting in the App Configurations area
of your GlobalProtect portal, you can enable split DNS to allow
users to direct their DNS queries for applications and resources
over the VPN tunnel or outside the VPN tunnel in addition to network
traffic.
- Before you begin:
- Launch the Web Interface.
- Configure a GlobalProtect gateway
- Select to modfiy an existing gateway or add a new one.
- Configure a split tunnel based on the domain.
- Enable network traffic or both network traffic and DNS.You can enable split DNS to allow users to direct their DNS queries for applications and resources over the VPN tunnel or outside the VPN tunnel in addition to network traffic.
- Select .
- Select Network Traffic Only to
include and exclude rules that are applied only to network application
traffic and not to DNS traffic. All DNS traffic goes through the
VPN tunnel irrespective of the split tunnel based on the destination domain that
you specified for inclusions and exclusions. When you select Both
Network Traffic and DNS the split tunnel based on the
destination domain that you specified for inclusions and exclusions
are applied to the DNS traffic and the associated network application
traffic for that domain.
![]()
- Click OK twice.
- Commit the configuration.
