Split Tunnel Traffic on GlobalProtect Gateways

Configure split tunnel traffic on GlobalProtect gateways.
You can configure split tunnel traffic based on an access route, destination domain, application, and HTTP/HTTPS video streaming application.
The split tunnel capability allows you to conserve bandwidth and route traffic to:
  • Tunnel enterprise SaaS and public cloud applications for comprehensive SaaS application visibility and control to avoid risks associated with Shadow IT in environments where it is not feasible to tunnel all traffic.
  • Send latency-sensitive traffic, such as VoIP, outside the VPN tunnel, while all other traffic goes through the VPN for inspection and policy enforcement by the GlobalProtect gateway.
  • Exclude HTTP/HTTPS video streaming traffic from the VPN tunnel. Video streaming applications, such as YouTube and Netflix, consume large amounts of bandwidth. By excluding lower risk video streaming traffic from the VPN tunnel, you can decrease bandwidth consumption on the gateway.
The split tunnel rules are applied for Windows and macOS endpoints in the following order:
Refer to the following sections on how to configure split tunnel traffic on the gateways:

Recommended For You