GlobalProtect Website Tracking: What Your Company Can See

TL;DR

Yes, your company using GlobalProtect can likely see the websites you visit. However, it depends on their configuration and whether you’re using a browser extension or split tunneling. Here’s how to find out and what you can do.

Understanding How GlobalProtect Works

GlobalProtect creates a secure connection (a VPN) between your computer and your company network. All internet traffic usually goes through this connection, allowing the company to monitor it.

Checking Your GlobalProtect Connection Status

  1. Look for the GlobalProtect icon: This is typically in your system tray (bottom-right corner of your screen on Windows) or menu bar (top of the screen on macOS).
  2. Check connection details: Right-click the icon and look for options like ‘Connection Details’ or ‘Status’. This will show if you’re connected.

How Your Company Can Track Websites

There are several ways your company can monitor your web activity through GlobalProtect:

  1. Full Tunnel: If GlobalProtect is configured for ‘full tunnel’, all your internet traffic goes through the company network. This means they can see every website you visit, including URLs and potentially even content (depending on further security measures).
  2. Split Tunnel: With ‘split tunnel’, only traffic destined for the company network goes through GlobalProtect. Other traffic (like browsing general websites) might bypass it. However, your company may still be able to see DNS requests, revealing which websites you’re trying to access.
  3. DNS Logging: Even with split tunneling, your company can log Domain Name System (DNS) requests. This shows the website addresses you’ve asked your computer to find, even if the actual content isn’t routed through GlobalProtect.
  4. Browser Extensions/Policies: Some companies install browser extensions or configure policies that report browsing activity regardless of the VPN connection.

How to Check If Split Tunneling is Enabled

Unfortunately, you usually can’t determine this yourself. You’ll need to ask your IT department.

Steps to Find Out What Your Company Sees

  1. Contact your IT support: The most reliable way is to directly ask your company’s IT helpdesk or cyber security team about their GlobalProtect configuration. Specifically, ask:
    • Is full tunnel or split tunneling used?
    • Are DNS requests logged even with split tunneling?
    • Are any browser extensions installed for monitoring purposes?
    • What data is collected and how long is it retained?
  2. Check your company’s acceptable use policy: This document should outline what internet activity is monitored.

Things You Can Do (With Caution)

Important Note: Circumventing company security policies can have serious consequences, including disciplinary action or termination of employment. Always check your company’s policy before attempting any of these steps.

  1. Use a personal browser for sensitive browsing (if allowed): If split tunneling is enabled and your company doesn’t monitor all traffic, using a separate browser for personal activities might help.
  2. HTTPS: Always use websites with HTTPS encryption (look for the padlock icon in your browser’s address bar). This encrypts the content of your communication, making it harder to intercept. However, your company can still see the website address.
  3. Be aware of privacy policies: Understand how the websites you visit collect and use your data.

Checking DNS Leaks (Advanced)

This is a more technical step to verify whether your DNS requests are going through GlobalProtect.

  1. Use a DNS leak test website: Several websites can check which DNS servers your computer is using. Examples include DNSLeakTest and BrowserLeaks DNS.
  2. Connect to GlobalProtect: Start a GlobalProtect connection before running the test.
  3. Analyze the results: If the DNS servers listed are your company’s, it suggests that your DNS requests are being routed through GlobalProtect. If you see public DNS servers (like Google or Cloudflare), it indicates a potential DNS leak and that your requests might be visible outside of the VPN tunnel.
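
The "analyze the results" step above can be scripted. This is an added example, not part of the original article or any GlobalProtect tooling: it reads resolver addresses from resolv.conf-style text and labels each one as corporate, public, or undetermined. The sample file contents, the `10.20.0.0/16` corporate range and all function names are assumptions; substitute the ranges your IT department gives you.

```python
import ipaddress

# Public resolvers operated by the two providers the article names.
PUBLIC_RESOLVERS = {
    ipaddress.ip_address(a): name
    for name, addrs in {
        "Google": ["8.8.8.8", "8.8.4.4", "2001:4860:4860::8888"],
        "Cloudflare": ["1.1.1.1", "1.0.0.1", "2606:4700:4700::1111"],
    }.items()
    for a in addrs
}

# Constructed sample in resolv.conf format, not taken from a real host.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search corp.example
nameserver 10.20.0.53
nameserver 8.8.8.8
nameserver 127.0.0.53
"""

def parse_resolv_conf(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1].split("%", 1)[0])  # drop IPv6 zone id
    return servers

def classify_resolver(address, corporate_networks):
    """Label one resolver; corporate_networks are CIDRs supplied by IT."""
    ip = ipaddress.ip_address(address)
    if any(ip in ipaddress.ip_network(n) for n in corporate_networks):
        return "corporate"
    if ip.is_loopback:
        return "local-stub"        # upstream is hidden behind a local cache
    if ip in PUBLIC_RESOLVERS:
        return "public:" + PUBLIC_RESOLVERS[ip]
    if ip.is_private:
        return "private-unlisted"  # e.g. a home router
    return "public:other"

def outside_tunnel(servers, corporate_networks):
    """Resolvers that are neither corporate nor an opaque local stub."""
    labels = {s: classify_resolver(s, corporate_networks) for s in servers}
    return [s for s, l in labels.items() if l not in ("corporate", "local-stub")]

if __name__ == "__main__":
    CORP = ["10.20.0.0/16"]  # assumed corporate range
    for server in parse_resolv_conf(SAMPLE_RESOLV_CONF):
        print(server, classify_resolver(server, CORP))
```

A `local-stub` result (such as 127.0.0.53) means a local caching resolver sits in front of the real upstream, so the configuration file alone cannot tell you where queries go. A leak-test site shows resolvers as seen from the internet, so compare its results against the company's public ranges rather than internal ones.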