Split Tunneling Disabled
When the endpoint has an active VPN tunnel connection and split tunneling is disabled, the default route is modified to send all network traffic from the endpoint through the VPN tunnel, where it is bound by the VPN access control and resource policies. If you set route precedence to endpoint routes, all network traffic goes through the VPN tunnel except traffic that is destined for directly connected (local) subnets and indirectly connected (routed) subnets. The Pulse Secure clients for Windows and OS X also support the following options to permit limited access to the local network:
- If the Pulse connection set is configured to allow the user to override the connection policy, the user can manually suspend the active Pulse connection to enable access to the local network. In the network in Figure 37, the user could suspend the Pulse connection to access the local printer, which resides on the same subnet as the Pulse endpoint. Suspending the Pulse connection is a manual method. The user must suspend the connection to access the local subnet and then resume the connection to restore connectivity through the tunnel. While the connection is suspended, no traffic goes through the tunnel.
- You can configure the split tunneling properties to allow access to the local subnet. With split tunneling disabled and local subnet access allowed, network traffic goes through the tunnel except for addresses that are on the local subnet. In the network in Figure 37, the user could print to the local printer but other traffic would go through the default route to the tunnel. No traffic would go through the subnet router 192.168.0.2.
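The following added example (not Pulse Secure code, and not the client's implementation) models the three routing behaviours described above so you can see which destinations leave the endpoint outside the tunnel and therefore outside the VPN access control and resource policies. Only the router address 192.168.0.2 comes from the page; the /24 local subnet, the printer address, the routed subnet and the policy labels are assumptions made for illustration.

```python
import ipaddress

# Constructed endpoint routes modeled on the Figure 37 description.
# Assumptions: local subnet 192.168.0.0/24, routed subnet 10.20.0.0/16.
ENDPOINT_ROUTES = [
    {"net": "192.168.0.0/24", "gateway": None},          # directly connected (local)
    {"net": "10.20.0.0/16", "gateway": "192.168.0.2"},   # indirectly connected (routed)
]

# Hypothetical labels for the three behaviours the section describes.
ALL_TUNNEL = "split-tunneling-disabled"
ENDPOINT_PRECEDENCE = "endpoint-route-precedence"
LOCAL_SUBNET_ALLOWED = "local-subnet-access-allowed"


def egress(dest, policy, routes=ENDPOINT_ROUTES):
    """Return 'tunnel', 'local' or 'via <gateway>' for a destination address."""
    addr = ipaddress.ip_address(dest)
    # Longest-prefix match among the endpoint's own (non-tunnel) routes.
    matches = [r for r in routes if addr in ipaddress.ip_network(r["net"])]
    best = max(matches,
               key=lambda r: ipaddress.ip_network(r["net"]).prefixlen,
               default=None)
    if best is None or policy == ALL_TUNNEL:
        return "tunnel"                      # default route points at the tunnel
    direct = best["gateway"] is None
    if policy == LOCAL_SUBNET_ALLOWED:
        # Only the local subnet is exempt; routed subnets still use the tunnel.
        return "local" if direct else "tunnel"
    if policy == ENDPOINT_PRECEDENCE:
        # Both local and routed subnets keep their endpoint routes.
        return "local" if direct else f"via {best['gateway']}"
    raise ValueError(f"unknown policy: {policy}")


def bypass_report(dests, policy):
    """Map each destination that does not use the tunnel to its egress path."""
    report = {}
    for dest in dests:
        path = egress(dest, policy)
        if path != "tunnel":
            report[dest] = path
    return report


# Constructed destinations: local printer, host on the routed subnet, internet host.
SAMPLE_DESTS = ["192.168.0.50", "10.20.1.5", "203.0.113.10"]
```

Running `bypass_report(SAMPLE_DESTS, policy)` for each policy gives the set of destinations that are not subject to the VPN gateway's policies, which is the list to review when deciding whether endpoint route precedence or local subnet access is acceptable.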