Managing extensive lists of excluded or included domains and access routes for GlobalProtect can be challenging when network needs change frequently. Modifying these configurations often requires manual updates to the GlobalProtect gateway, slowing down deployment and scaling.

Enhanced Split Tunnel addresses this operational challenge by allowing you to manage the list of domains, access routes, and applications using a configuration file hosted in your local environment. This key feature allows you to update split-tunnel settings without having to modify the configuration on the GlobalProtect gateway. Furthermore, this capability significantly increases the total capacity for defined split-tunnel entries, allowing you to scale your definitions from 200 up to 1,000 domains and routes. GlobalProtect® endpoints automatically retrieve the digitally signed configuration file, authenticating securely to the web server using a certificate pushed from the portal.