https://live.paloaltonetworks.com/t5/general-topics/globalprotect-pre-login-split-tunnel-best-practise/m-p/235007#M67371 <P>Hello,</P><P>I guess it depends on your companies requirements. We are under so many complance acronyms that split-tunneling is a no no.&nbsp; I'm sure there are use cases where split-tunneling is a good thing. However my approach is what's wrong wtih tunneling everything back to home base? This way all traffic is scanned and inspected by this wonderfully complex and expensive device called a PAN.&nbsp;</P><P>&nbsp;</P><P>Hope that helps.</P> Thu, 11 Oct 2018 19:30:04 GMT OtakarKlier 2018-10-11T19:30:04Z https://live.paloaltonetworks.com/t5/general-topics/globalprotect-pre-login-split-tunnel-best-practise/m-p/234983#M67367 What is the recommended config for the split tunnel for pre-login? Our users when authenticated are fully tunnelled back to us. Thu, 11 Oct 2018 19:06:06 GMT https://live.paloaltonetworks.com/t5/general-topics/globalprotect-pre-login-split-tunnel-best-practise/m-p/234983#M67367 welly_59 2018-10-11T19:06:06Z https://live.paloaltonetworks.com/t5/general-topics/globalprotect-pre-login-split-tunnel-best-practise/m-p/235007#M67371 <P>Hello,</P><P>I guess it depends on your companies requirements. We are under so many complance acronyms that split-tunneling is a no no.&nbsp; I'm sure there are use cases where split-tunneling is a good thing. However my approach is what's wrong wtih tunneling everything back to home base? This way all traffic is scanned and inspected by this wonderfully complex and expensive device called a PAN.&nbsp;</P><P>&nbsp;</P><P>Hope that helps.</P> Thu, 11 Oct 2018 19:30:04 GMT https://live.paloaltonetworks.com/t5/general-topics/globalprotect-pre-login-split-tunnel-best-practise/m-p/235007#M67371 OtakarKlier 2018-10-11T19:30:04Z