Basic Concept: GlobalProtect split tunneling can separately control network routes and DNS resolution. Split DNS decides whether queries for specific domains use VPN-assigned DNS servers or local DNS.
Why D is Correct: The Both Network Traffic and DNS option allows selected domains to resolve through corporate DNS while other domains use the endpoint's local resolver.
Why A is Wrong: It specifies when the secondary DNS server is used for resolution to allow access to specific domains that are not managed by the VPN. relates to VPN configuration, but it does not address the specific PAN-OS requirement for selectors, tunnel interface functions, routing, or Security policy in this scenario.
Why B is Wrong: It allows users to access internal resources when connected locally and external resources when connected remotely using the same FQDN. relates to VPN configuration, but it does not address the specific PAN-OS requirement for selectors, tunnel interface functions, routing, or Security policy in this scenario.
Why C is Wrong: It allows devices on a local network to access blocked websites by changing which DNS server resolves certain domain names. relates to VPN configuration, but it does not address the specific PAN-OS requirement for selectors, tunnel interface functions, routing, or Security policy in this scenario.
