GlobalProtect
Split Tunnel Traffic on GlobalProtect Gateways
Table of Contents
Split Tunnel Traffic on GlobalProtect Gateways
Configure split tunnel traffic on GlobalProtect gateways.
You can configure split tunnel traffic based on an access
route, destination domain, application, and HTTP/HTTPS video streaming
application.
With a GlobalProtect subscription, you can enforce or apply
split tunnel rules to Windows and macOS endpoints.
The split tunnel capability allows you to conserve bandwidth
and route traffic to:
- Tunnel enterprise SaaS and public cloud applications for comprehensive SaaS application visibility and control to avoid risks associated with Shadow IT in environments where it is not feasible to tunnel all traffic.
- Send latency-sensitive traffic, such as VoIP, outside the VPN tunnel, while all other traffic goes through the VPN for inspection and policy enforcement by the GlobalProtect gateway.
- Exclude HTTP/HTTPS video streaming traffic from the VPN tunnel. Video streaming applications, such as YouTube and Netflix, consume large amounts of bandwidth. By excluding lower risk video streaming traffic from the VPN tunnel, you can decrease bandwidth consumption on the gateway.
The split tunnel rules are applied for Windows and macOS endpoints
in the following order:
Refer to the following sections on how to configure split tunnel
traffic on the gateways: