Related Features
FQDN-based split tunneling works alongside the following additional features:
Ivanti Connect Secure Split Tunneling Overview
Split tunneling is configured as a part of the role that is assigned to a user after authentication. When the client and Ivanti Connect Secure (ICS) establish a VPN tunnel, the Ivanti server takes control of the routing environment on the endpoint to ensure that only permitted network traffic is allowed access through the VPN tunnel. Split tunneling settings enable you to further define the VPN tunnel environment by permitting some traffic from the endpoint to reach the local network or another connected subnet. When split tunneling is enabled, split tunneling resource policies enable you to define the specific IP network resources and FQDN resources that are excluded from access or accessible through the VPN tunnel.
For more information on Ivanti Connect Secure Split Tunneling, see the section "Ivanti Connect Secure Split Tunneling Overview" in the PDC Admin Guide.
FQDN Access Control Policies (ACL)
An admin can configure IPv4/IPv6/FQDN addresses in the following 2 ways:
• Simple Rules
• Detailed Rules
Simple Rules: The admin configures IPv4/IPv6/FQDN addresses with allow/deny rules. These rules permit or deny access to an IPv4/IPv6/FQDN resource based on the configured IPv4/IPv6/FQDN address.
Detailed Rules: The admin configures IPv4/IPv6/FQDN addresses with allow/deny rules that carry conditions. These rules permit or deny access to an IPv4/IPv6/FQDN resource based on the configured IPv4/IPv6/FQDN address when the condition matches.
Every entry in the ACL policy corresponds to 2 entries in the FORWARD chain in iptables/ip6tables: one in the inbound direction and the other in the outbound direction.
For more information, see "Writing a Detailed Rule for VPN Tunneling Access Control Policies ACL" in the Ivanti Connect Secure Admin Guide.
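The two-FORWARD-entries-per-ACL-entry relationship described above can be checked mechanically. The following is an added example, not Ivanti code: it audits a rule listing in `iptables -S FORWARD` format and reports ACL entries that have only one direction present. The sample ACL, the rule listing, the `tun0` interface name, the use of `-d`/`-s` to express direction, and DROP as the deny target are all assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample data (assumptions, not taken from an Ivanti appliance).
ACL = [("allow", "10.20.0.0/16"), ("deny", "2001:db8:10::/48"), ("allow", "192.0.2.0/24")]

# Constructed stand-in for combined `iptables -S FORWARD` / `ip6tables -S FORWARD` output.
SAVED_RULES = """\
-P FORWARD DROP
-A FORWARD -d 10.20.0.0/16 -i tun0 -j ACCEPT
-A FORWARD -s 10.20.0.0/16 -o tun0 -j ACCEPT
-A FORWARD -d 2001:db8:10::/48 -i tun0 -j DROP
-A FORWARD -s 2001:db8:10::/48 -o tun0 -j DROP
-A FORWARD -d 192.0.2.0/24 -i tun0 -j ACCEPT
"""

def parse_forward(text):
    """Yield (direction, network, target) for each FORWARD rule in `-S` style text.

    Only simple flag/value rules are handled (no `!` negation), which is
    enough for the constructed sample above.
    """
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "FORWARD"]:
            continue  # skip policy lines and other chains
        opts = dict(zip(tok[2::2], tok[3::2]))
        for flag, direction in (("-d", "to_resource"), ("-s", "from_resource")):
            if flag in opts:
                net = ipaddress.ip_network(opts[flag], strict=False)
                yield direction, net, opts.get("-j")

def audit(acl, text):
    """Return (resource, missing_directions) for ACL entries lacking a rule."""
    seen = set(parse_forward(text))
    findings = []
    for action, resource in acl:
        net = ipaddress.ip_network(resource, strict=False)
        target = "ACCEPT" if action == "allow" else "DROP"  # assumed mapping
        missing = [d for d in ("to_resource", "from_resource")
                   if (d, net, target) not in seen]
        if missing:
            findings.append((resource, missing))
    return findings

if __name__ == "__main__":
    for resource, missing in audit(ACL, SAVED_RULES):
        print(f"{resource}: missing {', '.join(missing)} rule")
```

FQDN entries are not covered here, because the page does not describe how they are translated into address-based rules.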
IPv4 Split Tunneling: Ivanti VPN now allows access to both IPv4 and IPv6 corporate resources, as well as FQDN resources, from IPv4 and IPv6 endpoints. It enables the client to access both the corporate network and the local network at the same time. Designated network traffic is directed to the tunnel interface for the corporate network by configuring route policies, whereas other traffic is sent to the direct interface.
All IPv6 configurations are similar to those for IPv4.
For more information, see the section "IPv6/IPv4 Split Tunneling" in the PDC Admin Guide.