Tunnel Exclusions and its capabilities
02/28/2023
Description
This article describes the Tunnel Exclusion feature, which excludes host names, IP addresses, subnets, IP ranges, or domains from being redirected to the appliance.
Resolution
How to create an "Exclusion" and have this object associated with Community:
- An Exclusion does not have any effect unless used by a community. It can be public or private names/addresses or names resolved by an appliance.
- To use an exclusion in a Community, configure the Tunnel Access settings to use one or more exclusions.
- These exclusions apply to both Split Tunnel and Redirect All Tunnel sessions.
- When using Split Tunnel redirection mode, access agents and browsers will redirect connections to the appliance only for destination resources which you have defined.
- Exclusions do not affect access control. To disallow access to a particular resource, create a deny rule.
NOTE: Wildcard resource exclusion is not supported with Split Tunnel based communities.
Steps to Configure Resource Exclusion:
- Navigate to Management Console | Resources | Exclusion.
- Click NEW to create an Exclusion list. The list can be used in one or more communities so that matching traffic is not redirected through the Tunnel Interface and instead passes through the end user's local network interface.
NOTE:
a) A created exclusion needs to be associated with one or more communities. Until associated, these exclusions stay.
b) Up to 500 exclusions can be added under one Exclusion object.
c) Exclusions can be copied from the clipboard and pasted.
d) Once the exclusion list is added, save it and apply the pending changes.
e) Pending changes can also be applied after associating the exclusion with one or more communities.
Steps to associate the exclusion with one or more communities:
- Navigate to Management Console | Realms | (Select Realm-Community which needs exclusion associated) | Community | Tunnel Access | Exclusion > Edit to associate any existing exclusions.
NOTE:
a) Once an "Exclusion" is associated, save and apply the pending changes.
b) An associated "Exclusion" cannot be deleted until it is disassociated from its communities.
c) The route print command can be used to verify the route path of excluded traffic when access to such a resource is attempted.
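The route print check in note c) can be scripted. The following is an added example, not part of the original article or the vendor's tooling: it parses the IPv4 "Active Routes" rows of route print output and reports, for each excluded host, whether the selected route leaves through a non-tunnel interface. The function names, the tunnel adapter address 10.10.0.5, and the sample routes (including the assumption that exclusions show up as more-specific routes) are constructed for illustration.

```python
import ipaddress

# Constructed sample of "Active Routes" rows from `route print -4`.
# 10.10.0.5 is an assumed tunnel adapter address; 192.168.1.50 is the local NIC.
SAMPLE_ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
          0.0.0.0          0.0.0.0          On-link        10.10.0.5      1
     198.51.100.0    255.255.255.0      192.168.1.1     192.168.1.50     26
     203.0.113.10  255.255.255.255      192.168.1.1     192.168.1.50     26
"""

def parse_routes(text):
    """Return (network, interface_ip, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # headers, separators, persistent-route rows
        dest, mask, _gateway, iface, metric = parts
        try:
            net = ipaddress.IPv4Network(f"{dest}/{mask}")
            routes.append((net, ipaddress.IPv4Address(iface), int(metric)))
        except ValueError:
            continue  # not a route row
    return routes

def egress_interface(routes, destination):
    """Pick the route by longest prefix, then lowest metric."""
    ip = ipaddress.IPv4Address(destination)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def check_exclusions(route_text, tunnel_ip, excluded_hosts):
    """Map each host to True if its route bypasses the tunnel interface."""
    routes = parse_routes(route_text)
    tunnel = ipaddress.IPv4Address(tunnel_ip)
    result = {}
    for host in excluded_hosts:
        iface = egress_interface(routes, host)
        result[host] = iface is not None and iface != tunnel
    return result

if __name__ == "__main__":
    hosts = ["203.0.113.10", "198.51.100.7", "192.0.2.20"]
    for host, ok in check_exclusions(SAMPLE_ROUTE_PRINT, "10.10.0.5", hosts).items():
        print(f"{host}: {'bypasses tunnel' if ok else 'still routed via tunnel'}")
```

A host reported as still routed via the tunnel indicates that the exclusion is not associated with the community or that pending changes have not been applied.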