Miguel_1400
Aug 16, 2023

VPN Always Connected mode

Hello,

We have the BIG-IP Edge Client with the Always Connected mode and I would like to know if it's possible to add some exclusions to allow explicit IP destinations to not pass through the SSL VPN? I know it's possible to add an exclusion list, but this one is only valid when the BIG-IP Edge Client isn't already connected and is in block mode, right?

Is it possible in full tunneling or only in split?

Regards,

    • Miguel_1400

      Hello Paulius,

      Thank you for your reply 🙂

      Can I configure my BIG-IP Edge Client in Always Connected mode and use split tunneling? Can I configure a wildcard on the Network Access so all traffic would go through the SSL VPN and exclude some IPv4 addresses to pass through the local user gateway?

      If yes, is this kind of configuration still "best practice" or is it "bricolage"?

      Regards,

      • Paulius

        Miguel_1400 Sadly, I'm not familiar enough to know if Always Connected Mode allows for split tunneling, but I would imagine it does because it's only how you define traffic that makes it go through a specific path, be it a VPN or anything else that's routed. As for a wildcard for include and then choosing to exclude, that won't work because I believe the F5 is configured as include only. Now, you can tunnel all and then exclude specific DNS names, but that's about it for a combination of include and exclude, I believe.

  • Miguel_1400 - If your post was solved it would be helpful to the community to select *Accept As Solution*.
    This helps future readers find answers more quickly and confirms the efforts of those who helped.
    Thanks for being part of our community.
    Lief