Configure GlobalProtect to Disable Direct Access to the Local
Configure GlobalProtect to disable direct access to the
To make sure that all mobile user traffic
is sent to Prisma Access, you can completely disable outgoing connections,
including local subnet traffic, from being sent to the local adapter.
You can deactivate all outgoing connections to the local adapter
by making configuration changes
to the GlobalProtect gateway.
You can perform these
steps on Panorama or on an on-premises firewall that has been configured as
a GlobalProtect gateway.
No direct access to local network
reduce risks in untrusted networks such as rogue Wi-Fi access points.
Select an existing GlobalProtect gateway or
a new one.
; then, select
direct access to local network
Disabling local network access causes all traffic, including IPv4 and
IPv6 traffic, from being sent to the local adapter. In addition, you
won't be able to access resources on your local subnet, such as
printers. Split tunnel traffic based on access route, destination
domain, and application still works as expected.
Panorama and Prisma Access deployments only
Commit your changes locally to make them active in Panorama.
Commit to Panorama
Make sure that your change is part of the
to save your changes
to the push scope.
changes to make them active in Prisma Access.