Basic Concept: Split DNS lets GlobalProtect resolve selected domains through VPN DNS while leaving other names to local DNS. This improves performance without breaking internal name resolution.
Why A is Correct: The policy selectively resolves listed corporate domains through the tunnel and leaves all other lookups local.
Why B is Wrong: The option "It blocks access to all domains that are not explicitly listed in the split tunnel configuration" relates to VPN configuration, but it does not address the specific PAN-OS requirement for selectors, tunnel interface functions, routing, or Security policy in this scenario.
Why C is Wrong: The option "It forces all applications to use the corporate DNS servers, regardless of the split tunnel settings for IP traffic" relates to VPN configuration, but it does not address the specific PAN-OS requirement for selectors, tunnel interface functions, routing, or Security policy in this scenario.
Why D is Wrong: The option "It creates a DNS proxy on the client endpoint that forwards all queries to the firewall for inspection" relates to VPN configuration, but it does not address the specific PAN-OS requirement for selectors, tunnel interface functions, routing, or Security policy in this scenario.