Split Tunnel to Exclude by Access Route
You can now exclude traffic destined for specific IP subnets from being sent over the VPN tunnel. With this feature, you can send latency-sensitive or high-bandwidth traffic outside of the VPN tunnel while all other traffic is routed through the VPN for inspection and policy enforcement by the GlobalProtect gateway.
Now, the routes you send through the VPN tunnel can be defined either as the routes you include in the tunnel, or as routes that you exclude from the tunnel, or a combination of both. For example, you can set up split tunneling to allow remote users to access the internet without going through the VPN tunnel. More specific routes take precedence over less-specific routes. If you don’t include or exclude routes, every request is routed through the tunnel (no split tunneling).
- Select the gateway you want to modify, or add a new gateway.
- Enable tunneling and configure the tunnel parameters for an agent configuration.
- On the GlobalProtect Gateway Configuration dialog, select Agent > Client Settings to add or modify client settings for the agent.
- Select Client Settings > Split Tunnel to define a split tunnel configuration for the client. With a split tunnel, you can define the traffic that flows through the VPN by including routes, excluding routes, or both. In some cases, it can be easier to specify the routes you want the client to exclude, rather than specifying all the routes you want to include. For example, if you want to tunnel everything except one or two class C networks, you can exclude these few networks rather than compiling a long list of the networks you want to include. If you only exclude routes, all other routes are included by default. If you only include routes, all other routes are excluded by default. In the case of a conflict between included and excluded routes, the more specific route configuration will be honored.
- Make sure No direct access to local network is disabled. This setting disables split tunneling for networks on Windows and Mac OS.
- (Optional) In the Includes area, Add the destination subnets or address object (of type IP Netmask) to route only some traffic—likely traffic destined for your LAN—to GlobalProtect. These are the routes the gateway pushes to the remote users’ endpoint and thereby determines what traffic the users’ endpoint can send through the VPN connection.
- (Optional) In the Excludes area, Add the destination subnets or address object (of type IP Netmask) that you want the client to exclude. These routes will be sent through the endpoint’s physical adapter rather than through the virtual adapter (the tunnel). Excluded routes should be more specific than the included routes; otherwise, you may exclude more traffic than you intended. Excluding routes is not supported on Android. Only IPv4 routes are supported on Chrome.
- Save the gateway configuration.
- Commit your changes.
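
Before committing, a planned route list can be checked against the precedence rules described above. The following Python sketch is an added example, not Palo Alto Networks code: it models the include/exclude rules with longest-prefix matching and flags excludes that are not more specific than an include they overlap. The function names, the sample subnets, and two behaviors the page does not define (an include and exclude of equal prefix length resolve to the tunnel; with both lists present, unmatched destinations go direct) are assumptions.

```python
import ipaddress

def _best(dest, routes):
    """Longest prefix length among routes that contain dest, or -1 if none."""
    ip = ipaddress.ip_address(dest)
    nets = (ipaddress.ip_network(r) for r in routes)
    return max((n.prefixlen for n in nets
                if n.version == ip.version and ip in n), default=-1)

def decide(dest, includes=(), excludes=()):
    """Return 'tunnel' or 'direct' for one destination IP."""
    inc, exc = _best(dest, includes), _best(dest, excludes)
    if inc < 0 and exc < 0:
        # No route matches: an include list excludes everything else;
        # an exclude-only or empty configuration tunnels everything else.
        # ASSUMPTION: when both lists exist, unmatched traffic goes direct.
        return "direct" if includes else "tunnel"
    # Conflict: the more specific (longer) prefix is honored.
    # ASSUMPTION: an exact tie resolves to the tunnel (the page does not say).
    return "direct" if exc > inc else "tunnel"

def broad_excludes(includes, excludes):
    """Excludes that wholly cover an include, so are not more specific."""
    inc = [ipaddress.ip_network(r) for r in includes]
    return [str(e) for e in map(ipaddress.ip_network, excludes)
            if any(i.version == e.version and i.subnet_of(e) for i in inc)]

if __name__ == "__main__":
    # Constructed sample configuration, not taken from the page.
    includes = ["10.0.0.0/8"]
    excludes = ["10.20.30.0/24", "10.0.0.0/8"]
    for d in ("10.20.30.5", "10.1.1.1", "8.8.8.8"):
        print(d, decide(d, includes, excludes))
    print("excludes to review:", broad_excludes(includes, excludes))
```

Any exclude returned by `broad_excludes` is at least as wide as an include and is the case the Excludes step warns about: traffic that was meant to be inspected at the gateway may leave through the physical adapter instead.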