Sophos Central Firewall Manager (CFM) maintenance scheduled for Wednesday, July 8th starting at 06:30 GMT. Expected time to complete is 5 hours. Partners will be unable to access CFM during this period.
This knowledge base article provides information about Palo Alto GlobalConnect VPN when using Domain Split Tunnel mode.
Applies to the following Sophos product(s) and version(s) Sophos Endpoint Security and Control 10.8.6Central Windows Endpoint 10.8.6
Operating systems Windows 8+
Palo Alto's GlobalConnect VPN, when using Domain Split Tunnel mode, does not function correctly when Sophos Web Protection or Web Control are enabled. In regular mode (no Split Tunnel) and IP split tunnel mode it works correctly.
The Development team has investigated this issue and determined that the method that is used for our Web Protection/Web Control and the method that Palo Alto uses for the Domain Split Tunnel decision making are incompatible.
There are two workarounds for this issue:
Note: Turning off Web Protection and Web Control will reduce protection. Sophos will no longer be able to block websites, or scan their content for malware. Downloads are still scanned for malware, but only after they are written to disk. Intercept X also helps protect the system from malware trying to break out of the browser.
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.