This feature avoids constant manual updates to split-tunnel configurations. When third-party application paths change after a software or patch update, security administrators often waste time manually modifying the exclusion or inclusion lists.

You can now configure the path for the endpoint application using the wildcard character (*) while setting up application-based split-tunneling, for both excluded and included traffic. This enhancement simplifies administration for common third-party applications, such as Symantec Web Security Service (WSS) or Microsoft Teams.

When you use the wildcard character in the application path and add it to the exclude or include list, GlobalProtect® bypasses the specific application path check. This ensures that even if the application path changes after a software or patch update, the split-tunnel configuration remains accurate without requiring manual intervention. You can add up to 200 entries to the list to exclude or include traffic through the VPN tunnel.