Hi,

Split tunneling means you route only the desired subnet into the tunnel. For example, the office subnet is 192.168.1.0/24 and this is routed inside. The firewall can scan this traffic and you can apply rules as such. The problem here is that all other traffic, like general web browsing, is egressing from the endpoint to the ISP and not through the NGFW. Simply put, the endpoint has 2 connections - 1 for the office and the other for everything else.

Full tunneling means you route EVERYTHING into the NGFW, via security rules and scanning profiles, just as if the endpoint were inside the corporate network. Security-wise this is the best option. This also means increased traffic through the firewall because ALL browsing from GP connected endpoints passes through the firewall.

Hope this helps,
Shai