FQDN resource and IPv4 resource-based Split Tunneling Conflict

From 9.1R2 release onwards, FQDN resource preference will be based on the applied FQDN rule, in case of the conflict between FQDN resource and IPv4 resource.

Administrator can provide FQDN resource precedence over IPv4 resource, in case of the conflict, with the following configuration.

To configure the FQDN resource precedence over IPv4 resource, perform the following steps:

1.Go to System > Configurations > VPN Tunneling.

The following screen appears:

Prefer FQDN resources over IP resources in case of a split tunneling conflict

2.Select the Prefer FQDN resources over IP resources in case of a split tunneling conflict check box.

If the check box is not checked, IPv4 resource will be given preference over FQDN resource.

The above check box is to give precedence for FQDN resource over IPv4 resource only in case of conflict between FQDN resource and IPv4 resource.

In case of conflict between FQDN resource and IPv4 resource, FQDN will be given preference, by default.

The following table describes the different conflicting scenarios for FQDN based split tunneling with respect to the IPv4 resource.

In the below table, FQDN resource www.google.com resolves to the IP address 1.1.1.1.

Include Policy/ Exclude Policy

IPv4

FQDN

Client New Behavior
(9.1R2 and above)

Case 1 –

“Prefer FQDN resources over IP resources in case of a split tunneling conflict” check box is checked; hence

FQDN resource is given preference over IP resource.

Scenario - 1

Include Policy

 

www.google.com

www.google.com will go through the tunnel.

 

Exclude Policy

1.1.1.1

 

Scenario - 2

Include Policy

1.1.1.1

 

www.google.com will not go through the tunnel.

 

Exclude Policy

 

www.google.com

Case 2 –

“Prefer FQDN resources over IP resources in case of a split tunneling conflict” check box is un-checked; hence IP resource is given preference over FQDN resource.

Scenario - 1

Include Policy

1.1.1.1

 

www.google.com will go through the tunnel.

 

Exclude Policy

 

www.google.com

Scenario - 2

Include Policy

 

www.google.com

www.google.com will not go through the tunnel.

 

Exclude Policy

1.1.1.1