Configure GlobalProtect to Disable Direct Access to the Local Network

Configure GlobalProtect to disable direct access to the local network.
To make sure that all mobile user traffic is sent to Prisma Access, you can completely prevent outgoing connections, including local subnet traffic, from being sent to the local adapter. You can deactivate all outgoing connections to the local adapter by making configuration changes to the GlobalProtect gateway.
You can perform these steps on Panorama or on an on-premises firewall that has been configured as a GlobalProtect gateway.
Enable the No direct access to local network setting to reduce risks in untrusted networks such as rogue Wi-Fi access points.
  1. Select Network > GlobalProtect > Gateways.
  2. Select an existing GlobalProtect gateway or Add a new one.
  3. Select Agent > Client Settings.
  4. Select the DEFAULT configuration or Add a new one.
  5. Select Split Tunnel; then, select No direct access to local network.
    Disabling local network access prevents all traffic, including IPv4 and IPv6 traffic, from being sent to the local adapter. In addition, you won't be able to access resources on your local subnet, such as printers. Split tunnel traffic based on access route, destination domain, and application still works as expected.
  6. (Panorama and Prisma Access deployments only) Commit your changes locally to make them active in Panorama.
    1. Select Commit > Commit to Panorama.
    2. Make sure that your change is part of the Commit Scope.
    3. Click OK to save your changes to the push scope.
    4. Commit your changes.
  7. Commit and Push your changes to make them active in Prisma Access.
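
To confirm after the commit that every gateway client configuration carries the setting, the following added example (not Palo Alto Networks code) audits an exported configuration file and reports each client configuration where the setting is missing or disabled. The element names global-protect-gateway, remote-user-tunnel-configs and no-direct-access-to-local-network are assumptions about the export layout, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export. Element names are assumptions
# modelled on a PAN-OS configuration export; verify them against your own file.
SAMPLE_CONFIG = """
<config>
  <global-protect>
    <global-protect-gateway>
      <entry name="gw-external">
        <remote-user-tunnel-configs>
          <entry name="DEFAULT">
            <no-direct-access-to-local-network>yes</no-direct-access-to-local-network>
          </entry>
          <entry name="contractors">
            <no-direct-access-to-local-network>no</no-direct-access-to-local-network>
          </entry>
        </remote-user-tunnel-configs>
      </entry>
      <entry name="gw-branch">
        <remote-user-tunnel-configs>
          <entry name="DEFAULT"/>
        </remote-user-tunnel-configs>
      </entry>
    </global-protect-gateway>
  </global-protect>
</config>
"""

SETTING = "no-direct-access-to-local-network"  # assumed element name


def audit_local_network_access(config_xml):
    """Return (gateway, client_config, value) for every client settings
    entry where the setting is absent or not 'yes'."""
    root = ET.fromstring(config_xml)
    findings = []
    # iter() matches at any depth, so the gateway container is found
    # whether it sits in a firewall export or inside a Panorama template.
    for gateways in root.iter("global-protect-gateway"):
        for gw in gateways.findall("entry"):
            for cfg in gw.findall("remote-user-tunnel-configs/entry"):
                value = (cfg.findtext(SETTING) or "").strip().lower()
                if value != "yes":
                    findings.append((gw.get("name"), cfg.get("name"), value or "unset"))
    return findings


if __name__ == "__main__":
    for gw, cfg, value in audit_local_network_access(SAMPLE_CONFIG):
        print(f"{gw}/{cfg}: {SETTING} = {value}")
```

A client configuration with no such element is reported as unset rather than assumed compliant, so a newly added configuration that was never reviewed shows up in the output.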
