Split tunneling means you route only the desired subnet into the tunnel. For example, the office subnet is 192.168.1.0/24 and this is routed inside. The firewall can scan this traffic and you can apply rules as such.
The problem here is all other traffic, like general web browsing, is egressing from the endpoint to the ISP and not through the NGFW.
Simply put, the endpoint has 2 connections - 1 for the office and the other for everything else.
Full tunneling means you route EVERYTHING into the NGFW, via security rules and scanning profiles, just as if the endpoint were inside the corporate network. Security-wise this is the best option. This also means increased traffic through the firewall because ALL browsing from GP connected endpoints passes through the firewall.
Hope this helps,
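
The routing difference described in this answer, as an added example that is not part of the original post: a longest-prefix-match lookup over two constructed client routing tables shows which destinations leave through the ISP without crossing the firewall. The interface labels `tunnel` and `isp`, the function names and the sample destinations are assumptions; only the 192.168.1.0/24 office subnet comes from the post.

```python
import ipaddress

# Constructed routing tables for a VPN client. The office subnet is the one
# named in the post; interface labels and default routes are assumptions.
SPLIT_TUNNEL = [
    ("192.168.1.0/24", "tunnel"),  # office subnet goes into the VPN
    ("0.0.0.0/0", "isp"),          # default route stays on the local ISP link
]
FULL_TUNNEL = [
    ("0.0.0.0/0", "tunnel"),       # default route points into the VPN
]


def egress(routes, dst):
    """Return the interface chosen by longest-prefix match for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, iface in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


def uninspected(routes, destinations):
    """Destinations whose traffic leaves without crossing the firewall."""
    return [d for d in destinations if egress(routes, d) != "tunnel"]


# Constructed sample destinations: two office hosts, one address in a
# neighbouring private range that is NOT in the split route, two internet hosts.
SAMPLE = ["192.168.1.10", "192.168.1.200", "192.168.2.5",
          "93.184.216.34", "8.8.8.8"]

if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        for dst in SAMPLE:
            print(f"{name:5} {dst:15} -> {egress(table, dst)}")
        print(f"{name:5} bypasses firewall: {uninspected(table, SAMPLE)}")
```

Running the same check against a client's actual route table after connecting is a quick way to confirm which mode the gateway pushed.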