
Split-Tunnel

What is it?

When a WPC connection is set up, an encrypted tunnel is created over the Internet to the Cloud Region. The WPC connection appears to the computer as a virtual network interface in addition to the existing LAN interface. Both interfaces can then be used simultaneously: private traffic destined for the Cloud WPC is sent inside the WPC tunnel, and public (Internet) traffic is sent over the other interface, outside the WPC tunnel. When traffic is split between the WPC interface and other interfaces in this way, split tunneling is said to be in use. When split tunneling is not in use, all traffic uses the WPC interface, so Internet traffic is also sent to the Cloud.

Who should use this?

The Administrator should set Split-Tunnel ON or OFF as desired for the internet access setting associated with User Groups, Networks, and Hosts.

How do I configure it?

Split-Tunnel ON is the default value for the internet access setting associated with User Groups, Networks, and Hosts. The Split-Tunnel OFF value appears as an option for that setting only when a Network is set as Internet Gateway.

When should I make use of this?

After a Network is set to act as Internet Gateway, Split-Tunnel OFF can be chosen as an option for the internet access setting associated with User Groups, Networks, and Hosts. Once the internet access setting is set to Split-Tunnel OFF for the desired User Groups, Networks, and Hosts, internet traffic from those sources egresses from the WPC through the Network or Networks set as Internet Gateway. This is useful because the internet traffic can be routed to security tools in the Internet Gateway Networks, which can enforce corporate security policies. Another reason is to use NAT to mask the source IP address of the internet traffic so that it appears to originate from the Internet Gateway Network. This allows the public IP address of the Internet Gateway Network’s Connector to be used in whitelisting access to SaaS tools.
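
A client-side check of the two states described above, as an added example that is not part of the original page or the product: it reads a Linux IPv4 routing table and reports whether public destinations would leave through the tunnel interface. The interface names (`tun0`, `eth0`), the `10.20.0.0/16` private range, the pair of `/1` override routes and both routing tables are constructed assumptions.

```python
import ipaddress

# Constructed `ip -4 route show` output (not from a real client). Assumed names:
# tun0 = WPC interface, eth0 = LAN interface, 10.20.0.0/16 = private WPC range.
SPLIT_ON = """\
default via 192.168.1.1 dev eth0 metric 100
10.20.0.0/16 via 10.20.0.1 dev tun0
192.168.1.0/24 dev eth0 scope link
"""
# Assumption: the client overrides the default route with two /1 routes,
# one common way for a VPN client to take over internet traffic.
SPLIT_OFF = "0.0.0.0/1 via 10.20.0.1 dev tun0\n128.0.0.0/1 via 10.20.0.1 dev tun0\n" + SPLIT_ON

def parse_routes(text):
    """Return (network, interface, metric) for each route that names a device."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f or "dev" not in f:
            continue
        net = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f[0], strict=False)
        metric = int(f[f.index("metric") + 1]) if "metric" in f else 0
        routes.append((net, f[f.index("dev") + 1], metric))
    return routes

def egress_interface(routes, dest):
    """Pick the interface as the kernel would: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def split_tunnel_state(routes, tunnel_if, probes=("8.8.8.8", "203.0.113.9")):
    """Classify by where public probe addresses (one per half of IPv4 space) egress."""
    via_tunnel = [egress_interface(routes, p) == tunnel_if for p in probes]
    if all(via_tunnel):
        return "OFF"      # internet traffic enters the tunnel
    if not any(via_tunnel):
        return "ON"       # internet traffic bypasses the tunnel
    return "PARTIAL"      # some public ranges still leave outside the tunnel

if __name__ == "__main__":
    for name, table in (("SPLIT_ON", SPLIT_ON), ("SPLIT_OFF", SPLIT_OFF)):
        routes = parse_routes(table)
        print(name, split_tunnel_state(routes, "tun0"), egress_interface(routes, "10.20.3.4"))
```

The check covers IPv4 only; an IPv6 default route that stays outside the tunnel needs the same test against `ip -6 route show`. A `PARTIAL` result on a source configured for Split-Tunnel OFF means some internet traffic is not reaching the security tools in the Internet Gateway Network.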