General Articles
LIVEcommunity's General Articles area is home to how-to resources, technical documentation, and discussions with Accepted Solutions that turn into articles related to all Palo Alto Networks products.
This Nominated Discussion Article is based on the post "Given Tunnel Interface IP is wrong but still tunnel is up".
This Nominated Discussion Article is based on the post "Bring Down IPsec Tunnel Manually" by @j.nepomuceno and responded to by @TomYoung and @Raido_Rattameister. Read on to see the discussion and solution!

I am troubleshooting an issue where I need to bring down the IPsec tunnel manually, what is the best way to do this in GUI or CLI? Thanks

Depending on whether you want to bounce the tunnel or actually disable it, you have different options.

The following CLI commands will tear down the VPN tunnel (phase1 & phase2 respectively):

Phase 1
    > clear vpn ike-sa gateway <gw-name>

Phase 2
    > clear vpn ipsec-sa tunnel <tunnel-name>

Follow these steps to clear (bounce) a tunnel using the GUI:

Phase 1
  1. Go to Network > IPsec tunnels and select your tunnel
  2. Click IKE-Info
  3. At the bottom, click the action you want (Refresh or Restart)

Phase 2
  1. Go to Network > IPsec tunnels and select your tunnel
  2. Click Tunnel-Info
  3. At the bottom, click the action you want (Refresh or Restart)

Instead of bouncing, you can also choose to disable/enable IKE gateways or IPsec tunnels.

Enable/Disable an IKE Gateway
  1. Go to Network > Network Profiles > IKE Gateways and select the gateway in question.
  2. Click Enable/Disable at the bottom of the screen

Enable/Disable an IPsec tunnel
  1. Go to Network > IPSec Tunnels and select the tunnel in question
  2. Click Enable/Disable at the bottom of the screen

For more information:
  • Refresh or Restart an IKE Gateway or IPSec Tunnel
  • How to check Status, Clear, Restore, and Monitor an IPSEC VPN Tunnel
  • Enable or Disable an IKE Gateway or IPSec Tunnel
  • How to Troubleshoot IPSec VPN connectivity issues
This article is based on a discussion, What does No Direct access to Local Network actually do and when do we use it??, posted by @Schneur_Feldman and answered by @BPry and @OtakarKlier. Read on to see the discussion and solution!

Can anyone please explain SIMPLY to me what the "No Direct access to Local Network" under Global Protect actually does and mostly when are we supposed to use it?

Basically what does it block and when should we enable it? Full tunnel? Split tunnel? Only split tunnel domain?

It restricts outgoing traffic on the local connected subnet. Instead of that traffic exiting through the local physical adapter like you would expect, the traffic is sent through the tunnel and (usually) dropped by the firewall. There are some behavioral considerations when it comes to existing traffic since macOS won't terminate the existing sessions like Windows does.

When you enable this feature really depends on your own configuration/environment requirements. I'd personally recommend enabling it across the board, but I know some environments don't go that far because it breaks local network functions like network printing to someone's home printer.

This feature is to satisfy compliance requirements around 'No Split Tunneling'. It prevents a user from being on VPN and, at the same time, connecting to their local systems on their home network (as an example).

For example: if your home subnet is 192.168.1.0 and your GP subnet is 10.0.0.0, then by enabling "No Direct access to Local Network," you won't be able to access, for example, a printer on the local 192.168.1.0 network while being connected to the VPN.

Essentially you'll be cutting off Local LAN access.