1. Home
    2. Prisma
    3. Prisma Access
    4. Prisma Access (Cloud Management)
    5. Mobile Users
    6. Mobile Users — GlobalProtect
    7. GlobalProtect — Customize Tunnel Settings

    GlobalProtect — Customize Tunnel Settings

    Customize the settings for the VPN tunnel the GlobalProtect app establishes to connect to Prisma Access.
    Customize the settings for the VPN tunnel the GlobalProtect app establishes to connect to Prisma Access.
    Tunnel settings include split tunneling options that you can use to define what traffic the app sends to Prisma Access and what can be routed locally instead (like bandwidth intensive applications that aren’t required for business use).
    The
    Match Criteria
     you define for tunnel settings tells Prisma Access the users, devices, or systems that should receive the settings. For example, you could specify that a tunnel settings rule applies to all instances of the GlobalProtect app in a certain region.
    You can explore all GlobalProtect tunnel settings on the
    GlobalProtect App
     page, and here are examples of some of the options available to you.
    Custom Tunnel Settings
    Explore and customize tunnel settings here —>
    Authentication Override
    Enable Prisma Access to generate and accept secure, encrypted cookies for user authentication. Turning this on allows the user to provide login credentials only once during the specified period of time.
    • Generate cookie for authentication override
      —Enables the Prisma Access to generate encrypted, endpoint-specific cookies and issue authentication cookies to the endpoint.
    • Accept cookie for authentication override
      —Enables Prisma Access to authenticate users with a valid, encrypted cookie. When the app presents a valid cookie, Prisma Access verifies that the cookie was encrypted by Prisma Access originally, decrypts the cookie, and then authenticates the user.
      The GlobalProtect app must know the username of the connecting user in order to match and retrieve the associated authentication cookies from the user’s endpoint. After the app retrieves the cookies, it sends them to Prisma Access for user authentication.
    Split Tunneling
    Split tunneling conserves bandwidth by excluding traffic Prisma Access that is not business critical or does not enable productivity. Here you can define what traffic the GlobalProtect app allows or disallows through the VPN tunnel to Prisma Access.
    • Local Network Access
      —Give Windows and Mac users access to local resources, without requiring them to first connect to Prisma Access.
    • Exclude Traffic
      —Specify traffic to exclude from Prisma Access policy inspection and enforcement based on application, domain, and route (like an IP address).
    • Customize Include Traffic
      —By default, the GlobalProtect app routes all traffic to Prisma Access except what's in the exclude list. Specify traffic that the GlobalProtect app should always route to Prisma Access, even when it meets exclude list criteria.
    Exclude Video Stream Traffic
    Choose not to send video streaming traffic from the listed applications to Prisma Access. Right now, this setting is applied globally: video streaming exclusions are applied to all traffic the GlobalProtect app sends to Prisma Access, not just the match criteria you've defined for this rule.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo