08-24-2021 08:53 AM
Hey guys, can anyone tell me the proper definition of split tunnel and full tunnel in GlobalProtect, with a proper real-life example, please?
08-25-2021 04:55 AM
Hi
Split tunneling means you route only the desired subnet into the tunnel. For example the office subnet is 192.168.1.0/24 and this is routed inside. The firewall can scan this traffic and you can apply rules as such.
The problem here is all other traffic, like general web browsing, is egressing from the endpoint to the ISP and not through the NGFW.
Simply put, the endpoint has 2 connections - 1 for the office and the other for everything else.
Full tunneling means you route EVERYTHING into the NGFW, via security rules and scanning profiles, just like if the endpoint would be inside the corporate network. Security-wise this is the best option. This also means increased traffic through the firewall because ALL browsing from GP connected endpoints passes through the firewall.
Hope this helps,
Shai
08-28-2021 04:26 AM
Exactly as per @ShaiW .
But we have all traffic, office based and internet based, tunnelled via GP and only split tunnel local traffic for Teams and Outlook. Those 2 applications account for approx 80% of user bandwidth, so it helps to prevent gateway ISP links from melting...
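
The policies described in this thread, as an added example that is not from any poster or from Palo Alto Networks: a simplified Python model of how include and exclude routes decide which traffic the firewall gets to inspect. The function names, the tie-break rule and the 203.0.113.0/24 and 198.51.100.7 values are constructed assumptions; this is not GlobalProtect's own logic.

```python
import ipaddress

FULL_TUNNEL = ["0.0.0.0/0"]            # everything goes to the gateway
SPLIT_INCLUDE = ["192.168.1.0/24"]     # office subnet from the thread
# Constructed stand-in (RFC 5737 range) for an excluded SaaS service.
SAAS_EXCLUDE = ["203.0.113.0/24"]


def egress_path(dest, include_routes, exclude_routes=()):
    """Return "tunnel" or "direct" for one destination IP.

    Longest matching prefix wins, as in a normal routing table. A tie goes
    to the exclude route (modelling assumption). With no match, traffic
    follows the endpoint's own default route to the ISP.
    """
    ip = ipaddress.ip_address(dest)
    best_len, best_path = -1, "direct"
    candidates = [(r, "tunnel") for r in include_routes]
    candidates += [(r, "direct") for r in exclude_routes]
    for route, path in candidates:
        net = ipaddress.ip_network(route)
        if ip in net and (net.prefixlen > best_len or
                          (net.prefixlen == best_len and path == "direct")):
            best_len, best_path = net.prefixlen, path
    return best_path


def uninspected(dests, include_routes, exclude_routes=()):
    """Destinations that bypass the firewall under the given policy."""
    return [d for d in dests
            if egress_path(d, include_routes, exclude_routes) == "direct"]


# Constructed sample destinations: office host, public site, excluded SaaS.
SAMPLE = ["192.168.1.20", "198.51.100.7", "203.0.113.50"]

if __name__ == "__main__":
    policies = {
        "split (include office only)": (SPLIT_INCLUDE, ()),
        "full tunnel": (FULL_TUNNEL, ()),
        "full tunnel + SaaS exclude": (FULL_TUNNEL, SAAS_EXCLUDE),
    }
    for name, (inc, exc) in policies.items():
        print(f"{name}: bypasses firewall -> {uninspected(SAMPLE, inc, exc)}")
```

Whatever `uninspected` returns for a policy is the traffic that security rules and scanning profiles on the firewall never see, so it needs to be covered by endpoint or SaaS-side controls instead.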