iamjustingraves
Brass Contributor
Jan 08, 2024

Secure access client when PC is On-prem

Greetings everyone,

I am testing out the Global Secure Access preview. I've successfully gotten it to work with some on-premise SMB shares. Remotely, everything is excellent.

My concern: when my PC goes back into my on-premise environment, it is still using the Global Access client and app proxy to access those same SMB servers. Pinging the servers drops packets; if I pause the GA client, no dropped packets. Pausing the GA client allows for faster access to these SMB shares too.

Is there a config that I missed where I can exempt the client when in my on-premise setup without me having to pause the GA client?

3 Replies

  • AlexR91
    Brass Contributor

    We've been having similar issues, though I believe this may be by design. The Global Secure Access Client appears to not care whether you're on the LAN with the target or not; it always proxies the connection unless you pause the client. I was testing the client with RDP - it worked great remotely. However, when I was on prem with the server I was RDPing into with the client active, my round trip time was >100ms; with the client paused, it was <1ms.

    I appreciate that this allows us to layer on modern auth and conditional access regardless of where the client is in relation to the target resource, but this needs to be a behavior that I as an administrator have control over because - in most cases - we'd rather the client not proxy at all if they don't need to, especially considering the performance implications we've witnessed.

    • iamjustingraves
      Brass Contributor

      BillClarksonAntill

      No config changes but the ping responses have gotten much better. Pinging my on-prem file server while on prem now actually resolves the local IP address rather than the 6.6.0.2 address that seems to be part of the proxy flow.

      Actual response when accessing files and folders on the file server is still slower with the client enabled but not by a ton. Oddly, if I tracert to the file server from inside, it hops a VLAN as expected and goes right to the file server, rather than out the proxy and back in like I thought it might.
