RayRuest
New Member
March 12, 2020
Question

SSL VPN - Selective Split-tunneling

I am new to firewalls, so I hope this isn't a dumb question. We are preparing to possibly have a large portion of our work population now working from remote. We know this will be a huge strain on our VPN setup. We are required by our parent company to avoid split-tunnel, but are in the process of getting an exception for this due to the coronavirus outbreaks.

That being said, we would like to be a bit more conservative in our approach. Is it possible to require all traffic to go through the corporate network EXCEPT certain IPs or URLs? It seems simple to configure to allow all non-corporate traffic to split, but not a select list.

In a simple example: What if we wanted sites like YouTube.com to split, but nothing else? This is a SUPER simplification to help explain my question. :)

Thanks in advance!

Ray

    1 reply

    emnoc
    New Member
    March 12, 2020

    You can apply an IP list and do split tunneling, but a URL, no way to do that unless you knew the IPs. Keep in mind SSL or IPsec VPN traffic is going to impact your firewall and traffic throughput; make sure your firewall is up to the job.

    FWIW we had a customer who wanted the same thing and tried to route 80+ users through a 100D and had major problems. In the end they deployed FortiClient to give them the on/off-network security and to control the users. I would explore that approach if I were you.

    Ken Felix