Forum Discussion
shashe
Cirrus
Cirrussplit-tunnel but include some public URLs.
How can I configure a split-tunnel on APM for all the private IPs but also include some FQDNs that resolve to public IPs to go through the tunnel?
AlexBCT
Cumulonimbus
CumulonimbusHi Shashe,
Yes, filling in the Public IP's as well as the FQDN's is what's needed - this will ensure the correct routes get injected when the tunnel gets created and the traffic traverses the tunnel. Yes, you can also use wildcards, as well as subnet definitions. If you have a whole bunch of separate IP's though, that will be quite a bit of work indeed.
If possible, you may then want to have a look at using the dynamic Address Space feature, which relies on an endpoint (Discovery URL) somewhere that contains (and maintains) a list of IP's that are relevant for that application. There are two predefined examples for Zoom and Office365 that you can use as examples.
For the rest I'd recommend just giving a test, and see where the traffic gets routed through.
Hope this helps.
shasheAlexBCT Thanks for your response. I tried placing the wildcards(for e.g. *.example.com) in the DNS address space under Network settings in Connectivity/VPN tab. DNS requests are traversing the tunnel but http traffic to site.example.com is not traversing the tunnel. I donot want to add the IPs of all the sites/apps as they are too many and dynamic. Can you please help configure this?Thanks.