FQDN Resource and Split Tunneling with Proxy Server
FQDN (Fully Qualified Domain Name) based split tunneling with a proxy server lets you configure split tunneling rules by specifying domain names directly. This feature adds the following proxy support when using an FQDN based split tunnel:
• FQDN based split tunneling with Server-side proxy
• FQDN based split tunneling with Client-side proxy
Proxy IP must be included in the split tunneling allow policy.
IPv6 is not supported.
The following table describes the different scenarios for FQDN based split tunneling with Proxy Server:
| | IPv4 | FQDN | Expected Behavior |
|---|---|---|---|
| Scenario1 | | | |
| Allow | 1.1.1.0/24 | | 1. 1.1.1.0 pointing to the tunnel interface. 2. All other IPv4 traffic goes through the physical interface. 3. FQDN resources are not considered; this depends on the IPv4 default route: if present, traffic goes through the tunnel interface, else through the physical interface. |
| Deny | | | |
| Scenario2 | | | |
| Allow | | | 1. 1.1.1.0 pointing to the physical interface. 2. All other IPv4 traffic except 1.1.1.0/24 will go through the tunnel interface. 3. FQDN resources are not considered; this depends on the IPv4 default route: if present, traffic goes through the tunnel, else through the physical interface. |
| Deny | 1.1.1.0/24 | | |
| Scenario3 | | | |
| Allow | | | 1. Traffic for "www.google.com" will go through the tunnel. 2. All other FQDN traffic will go through the physical adapter. 3. All IPv4 traffic will go through the physical adapter. |
| Deny | | | |
| Scenario4 | | | |
| Allow | | | 1. Traffic for "www.google.com" will go through the physical adapter. 2. All other FQDN traffic will go through the tunnel adapter. 3. All IPv4 traffic will go through the virtual adapter. |
| Deny | | | |
| Scenario5 | | | |
| Allow | 1.1.1.0/24 | | 1. Traffic for "1.1.1.0/24" and "www.google.com" will go through the tunnel. 2. All other IPv4 and FQDN traffic will go through the physical adapter. |
| Deny | | | |
| Scenario6 | | | |
| Allow | | | 1. Traffic for "www.google.com" will go through the physical adapter. 2. All other FQDN resources will go through the tunnel. |
| Deny | 1.1.1.0/24 | | |
| Scenario7 | | | |
| Allow | 1.1.1.0/24 | | 1. Traffic for 1.1.1.0/24 will go through the tunnel. 2. All other IPv4 traffic will go through the physical adapter. 3. Traffic for "www.google.com" will go through the physical adapter. 4. All other FQDN traffic will go through the tunnel. |
| Deny | | | |
| Scenario8 | | | |
| Allow | 1.1.1.0/24 | | 1. Traffic for 1.1.1.0/24 will go through the tunnel. 2. Traffic for 2.2.2.0 and other IPv4 traffic will go through the physical adapter. 3. Traffic for all FQDN will go through the physical adapter. 5. FQDN resources are not considered; this depends on the IPv4 default route: if present, traffic goes through the tunnel, else through the physical interface. |
| Deny | 2.2.2.0/24 | | |
| Scenario9 - Need to include proxy server IP under allow. | | | |
| Allow | | | 1. Traffic for "www.google.com" will go through the tunnel. 2. Traffic for "www.facebook.com" will go through the physical adapter. 3. All IPv4 traffic will go through the physical adapter. |
| Deny | | | |
| Scenario10 | | | |
| Allow | | | 1. Traffic for "www.google.com" will go through the tunnel. 2. Traffic for all other FQDN will go through the physical adapter. 3. Except for 1.1.1.0/24, traffic for all IPv4 will go through the virtual adapter. |
| Deny | 1.1.1.0/24 | | |
| Scenario11 - Need to include proxy server IP under allow. | | | |
| Allow | 1.1.1.0/24 | | 1. Traffic for "1.1.1.0/24" and "www.google.com" will go through the tunnel. 2. All other IPv4 and FQDN traffic will go through the physical adapter, including 2.2.2.0/24, except 1.1.1.0/24. |
| Deny | 2.2.2.0/24 | | |
| Scenario12 | | | |
| Allow | 1.1.1.0/24 | | 1. Traffic for "1.1.1.0/24", "2001:4860:4860::8888", and "www.google.com" will go through the tunnel. 2. All other IPv4 and FQDN traffic will go through the physical adapter. |
| Deny | | | |
| Scenario13 | | | |
| Allow | | | 1. www.google.com will go through the tunnel. All other FQDN resources which are not mentioned will go through the physical interface, including www.facebook.com. 2. All the IPv4 resources will go through the tunnel except 2.2.2.0/24. |
| Deny | 2.2.2.0/24 | | |
| Scenario14 | | | |
| Allow | 1.1.1.0/24 | | 1. Traffic for 1.1.1.0/24 and "www.google.com" will go through the tunnel. 2. All other IPv4 and FQDN traffic will go through the physical adapter. |
| Deny | 2.2.2.0/24 | | |
| Scenario15 | | | |
| Allow | 1.1.1.0/24 | | 1. Traffic for "1.1.1.0/24" will go through the tunnel. 2. Traffic for all other IPv4 will go through the physical adapter. 3. Traffic for "www.facebook.com" will go through the physical adapter. 4. All other FQDN traffic will go through the tunnel. |
| Deny | 2.2.2.0/24 | | |
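
The two requirements stated above the table (the proxy IP must be in the allow policy, and IPv6 is not supported) can be checked before a policy is pushed. The following is an added example, not part of the product or its documentation; `classify`, `lint_policy`, the list-based policy layout and the proxy address 10.0.0.5 are assumptions made for illustration, and how the product resolves an allow/deny overlap is not stated on this page, so an overlap is only flagged for review.

```python
import ipaddress

def classify(entry):
    """Return ('ipv4'|'ipv6', network) for an IP/CIDR entry, else ('fqdn', name)."""
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return "fqdn", entry.lower().rstrip(".")
    return ("ipv4" if net.version == 4 else "ipv6"), net

def lint_policy(allow, deny, proxy_ip):
    """Return findings for a split tunneling policy; an empty list means clean."""
    findings = []
    proxy = ipaddress.ip_address(proxy_ip)
    if proxy.version != 4:
        findings.append(f"proxy {proxy_ip} is IPv6; IPv6 is not supported")
    allow_nets, deny_nets = [], []
    for label, entries, nets in (("allow", allow, allow_nets),
                                 ("deny", deny, deny_nets)):
        for entry in entries:
            kind, value = classify(entry)
            if kind == "ipv6":
                findings.append(f"{label} entry {entry} is IPv6; IPv6 is not supported")
            elif kind == "ipv4":
                nets.append(value)
            # FQDN entries are ignored here: the proxy is reached by IP address.
    # Requirement from the page: the proxy IP must be in the allow policy.
    if not any(proxy in net for net in allow_nets):
        findings.append(f"proxy {proxy_ip} is not covered by any IPv4 allow entry")
    # Precedence between allow and deny is not documented here, so only flag it.
    for net in deny_nets:
        if proxy in net:
            findings.append(f"proxy {proxy_ip} also matches deny entry {net}; review")
    return findings

if __name__ == "__main__":
    # Constructed sample policies modelled on the scenarios in the table.
    samples = {
        "missing proxy, IPv6 entry": (
            ["1.1.1.0/24", "2001:4860:4860::8888", "www.google.com"], []),
        "proxy allowed": (
            ["1.1.1.0/24", "www.google.com", "10.0.0.5/32"], ["2.2.2.0/24"]),
    }
    for name, (allow, deny) in samples.items():
        print(name, "->", lint_policy(allow, deny, "10.0.0.5") or "clean")
```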