Secure Mobile Access 12.4 Administration Guide

DNS Routing with Split Tunnel

In split tunnel, only DNS requests that match the VPN DNS suffix search domains will use the VPN DNS servers. Requests to domains that do not match the VPN DNS suffixes go to the local (3G/WiFi connection) DNS servers. This is true for connections to all server appliances: SMA 1000 series, SMA 100 series, and firewalls. This is a limitation of Apple's iOS.

Example DNS suffix: example.com

  • Query for www.example.com uses VPN DNS Server

  • Query for intranet.corp.example.com uses VPN DNS Server

  • Query for www.google.com uses Local DNS server

  • Query for i2.examplecorp.com uses Local DNS server

This behavior can be overridden in Split Tunnel mode by adding a CEM entry in AMC.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.