DNS Routing with Split Tunnel

In split tunnel, only DNS requests that match the VPN DNS suffix search domains will use the VPN DNS servers. Requests to domains that do not match the VPN DNS suffixes go to the local (3G/WiFi connection) DNS servers. This is true for connections to all server appliances: SMA 1000 series, SMA 100 series, and firewalls. This is a limitation of Apple's iOS.

Example DNS suffix: example.com

• Query for www.example.com uses VPN DNS Server

• Query for intranet.corp.example.com uses VPN DNS Server

• Query for www.google.com uses Local DNS server

• Query for i2.examplecorp.com uses Local DNS server

This behavior can be overridden in Split Tunnel mode by enabling the Enable Use tunnel as primary network (Mobile Connect only) checkbox.