Enforce GlobalProtect Exclusions

Software Support: Starting with GlobalProtect™ app 5.1 with Content Release version 8196-5685
OS Support: Windows and macOS
You can now configure exclusions for specific local IP addresses or network segments when you enforce GlobalProtect for network access. By configuring exclusions, you can improve the user experience by allowing users to access local resources when GlobalProtect is disconnected. For example, when GlobalProtect is not connected, GlobalProtect can allow access to link-local addresses. This allows a user to access a local network segment or broadcast domain.
  1. On the firewall configured to act as the GlobalProtect portal, select the relevant app configuration.
    Select Network > GlobalProtect > Portals > <portal-config> > Agent > <agent-config> > App.
  2. Specify up to ten comma-separated IP addresses or network segments for which you want to allow access when GlobalProtect cannot establish a connection.
    The IP addresses you provide for Allow traffic to specified hosts/networks when Enforce GlobalProtect Connection for Network Access is enabled and GlobalProtect Connection is not established are used only when Enforce GlobalProtect Connection for Network Access is Yes. Use commas to separate multiple addresses or segments and do not add spaces between entries.
  3. Click OK twice.
  4. Commit the configuration.
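
The constraints in step 2 (at most ten entries, commas only, no spaces) can be checked before the value is pasted into the portal configuration. The following is an added example, not Palo Alto Networks tooling; it assumes segments are written in CIDR notation, and the breadth thresholds are a hypothetical local policy for catching exclusions wide enough to undercut enforcement.

```python
import ipaddress

MAX_ENTRIES = 10     # "up to ten" entries, per step 2
MIN_V4_PREFIX = 16   # assumed local policy: flag IPv4 segments wider than /16
MIN_V6_PREFIX = 48   # assumed local policy: flag IPv6 segments wider than /48


def check_exclusions(value):
    """Return (networks, problems) for a candidate exclusion string."""
    problems = []
    if any(ch.isspace() for ch in value):
        problems.append("contains whitespace; separate entries with commas only")
    entries = value.split(",")
    if len(entries) > MAX_ENTRIES:
        problems.append(f"{len(entries)} entries; the limit is {MAX_ENTRIES}")
    networks = []
    for raw in entries:
        entry = raw.strip()
        if not entry:
            problems.append("empty entry (stray comma)")
            continue
        try:
            # strict=True rejects segments with host bits set, e.g. 192.168.1.5/24
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            problems.append(f"{entry!r}: not a valid address or segment ({exc})")
            continue
        floor = MIN_V4_PREFIX if net.version == 4 else MIN_V6_PREFIX
        if net.prefixlen < floor:
            problems.append(f"{entry}: /{net.prefixlen} is broad for an exclusion")
        networks.append(net)
    # An entry already covered by another one wastes one of the ten slots.
    for i, a in enumerate(networks):
        for b in networks[i + 1:]:
            if a.version == b.version and (a.subnet_of(b) or b.subnet_of(a)):
                problems.append(f"{a} and {b} overlap; one entry is redundant")
    return networks, problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for candidate in ("169.254.0.0/16,192.168.10.0/24",
                      "169.254.0.0/16, 10.0.0.0/8,192.168.1.5/24"):
        nets, issues = check_exclusions(candidate)
        print(candidate, "->", "OK" if not issues else issues)
```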