Split DNS
Focus
Focus
GlobalProtect

Split DNS

Table of Contents

Split DNS

Enable users to access applications or local resources by specifying exclusions or inclusions and send DNS queries.
Software Support
: Starting with GlobalProtect™ app 5.2 with Content Release version 8284-6139 or later.
OS Support
: Windows and macOS running macOS Catalina 10.15.4 or later
You can now enable users to access applications or local resources by specifying exclusions or inclusions and send DNS queries to a local DNS server using the physical adapter on the endpoint. With Split DNS, you can configure which domains are resolved by the VPN assigned DNS servers and which domains are resolved by the local DNS servers. With the
Split-Tunnel Option
that is available as an app setting in the
App Configurations
area of your GlobalProtect portal, you can enable split DNS to allow users to direct their DNS queries for applications and resources over the VPN tunnel or outside the VPN tunnel in addition to network traffic.
  1. Before you begin:
    1. Select
      Network
      GlobalProtect
      Gateways
      <gateway-config>
      to modfiy an existing gateway or add a new one.
  2. Enable network traffic or both network traffic and DNS.
    You can enable split DNS to allow users to direct their DNS queries for applications and resources over the VPN tunnel or outside the VPN tunnel in addition to network traffic.
    1. Select
      Network
      GlobalProtect
      Portals
      <portal-config>
      Agent
      <agent-config>
      App
      Split Tunnel Option
      .
    2. Select
      Network Traffic Only
      to include and exclude rules that are applied only to network application traffic and not to DNS traffic. All DNS traffic goes through the VPN tunnel irrespective of the split tunnel based on the destination domain that you specified for inclusions and exclusions. When you select
      Both Network Traffic and DNS
      the split tunnel based on the destination domain that you specified for inclusions and exclusions are applied to the DNS traffic and the associated network application traffic for that domain.
  3. Click
    OK
    twice.
  4. Commit
    the configuration.

Recommended For You