Split Tunnel Traffic on GlobalProtect Gateways


Split Tunnel Traffic on GlobalProtect Gateways

Table of Contents

Split Tunnel Traffic on GlobalProtect Gateways

Configure split tunnel traffic on GlobalProtect gateways.
Where Can I Use This?
What Do I Need?
  • macOS and Windows endpoints running any currently supported GlobalProtect app version.
  • Linux endpoints running GlobalProtect app 6.1 or later. Linux endpoints support domain and access route-based split tunneling only; application-based split tunneling not supported on Linux.
  • GlobalProtect gateway subscription
You can configure split tunnel traffic based on an access route, destination domain, application, and HTTP/HTTPS video streaming application.
The split tunnel capability allows you to conserve bandwidth and route traffic to:
  • Tunnel enterprise SaaS and public cloud applications for comprehensive SaaS application visibility and control to avoid risks associated with Shadow IT in environments where it is not feasible to tunnel all traffic.
  • Send latency-sensitive traffic, such as VoIP, outside the VPN tunnel, while all other traffic goes through the VPN for inspection and policy enforcement by the GlobalProtect gateway.
  • Exclude HTTP/HTTPS video streaming traffic from the VPN tunnel. Video streaming applications, such as YouTube and Netflix, consume large amounts of bandwidth. By excluding lower risk video streaming traffic from the VPN tunnel, you can decrease bandwidth consumption on the gateway.
The split tunnel rules are applied following order:
On Linux endpoints, only domain and access route rules are applied.
Refer to the following sections on how to configure split tunnel traffic on the gateways:

Recommended For You