VPN Split Tunneling: The Benefits and Risks
- Published: Jul 24, 2024
- Learn about the benefits and perils of SSL VPN split tunneling and the reasons why organizations might choose to deploy. We also explain what Microsoft recommends for the O365 use case.
Learn more about this solution at: community.f5.com/s/articles/S...
This was short and straight to the point! Loved it
I love learning networking concepts from Charles Manson! Keep 'em coming!
😂😂
He looks like a staring contest world champion lmao great video brotha, helps understand the process for sure. 👍
Thanks! And, appreciate the comment.
Love it Peter ! Very clear and helpful ! Thank you :)
Thanks! Glad you enjoyed and we appreciate the comment!
While he was teaching, it felt I already knew him and then I realized he looks like Simon from GOT TALENT, and he has got some talent definitely . Thanks for the Lecture
New subscriber 🐿🐿🐿
The squirrels loved the reminder to sign our work. Sometimes they sign my chair 😁. One of their funnier pranks as they wait for me to come back outside and see if I sit in the chair before I notice.
Anyway, great video. 👍
Glad you liked it and we appreciate the comment!!
I'm impressed with the backwards writing! lol.
I would have created a mirrored label for my shirt, written normally, and mirrored the video :)
@@HagenvonEitzen i saw this then i realized, ah nvm. but then i look at his shirt, the devcentral is not mirrored. so he is actually writing in reversed lol
awesome explanation!!!
Super helpful, pal.
thanks much! Appreciate the comment! ps
I think many companies were forced to move to split tunneling whether they wanted to or not to alleviate the bottlenecks in their offices. For the now internet-bound traffic, maybe a solution like OpenDNS or Cisco Umbrella could add a layer of visibility?
Thanks needed this
Does anyone know how an RDP connection to a host that’s on VPN with split-tunneling disabled can be done?
Very helpful summary of split tunnelling (and how do you write backwards so well!)
Hey thanks! Appreciate the note. You can see how we do this with this tweet: twitter.com/psilvas/status/1113495222502088704?lang=en
Or, watch this video Jason and John did showing how: ruclips.net/video/U7E_L4wCPTc/видео.html
Thanks Pete
Appreciate the comment!! thanks! (this is Peter answering!) 🙂
Thanks 🙏🙏
how do you write inverted and left hand
this is how we do the Lightboard Lessons: ruclips.net/video/U7E_L4wCPTc/видео.html
Split Tunnel is generally against the best practices as internet bound traffic does not get inspected by the firewalls. However, having split tunnel enabled allows users to forward latency sensitive traffic directly to the internet (not via the VPN tunnel). Most companies enabled split tunnel for voice and video traffic as VPN encryption/decryption adds overhead which affects performance sensitive applications.
Salman Nash many companies take that security posture for sure, but policies differ on requirements. Also for situations like we are in now where capacity planning didn’t foresee 100x increases in resources, splitting off nonessential traffic while the entire workforce is at home eases the burden on infrastructure allowing mission critical traffic to pass.
@@JasonRahm I think so. O365 reduces the max users on F5 APM; enable split tunneling so O365 goes direct. Web traffic through a cloud proxy or other solution, and the corp traffic in the tunnel. O365 without split tunneling on APM divides the max CCU value by 2.
Great video
Appreciate the comments!
Learning to be a hacker now
anyone else thought the white dot was a dead pixel on their monitor for a second
Is bridging the users home network and the corporate network a risk with split tunnel?
Hi SB~ Could be *if* bridging mode is enabled. In order to route a private Internet connection into a VPN, the user's client has to have the bridging mode activated & typically this is not a default setting. Also an administrator can use a group policy to deactivate the bridging feature and prevent the user from activating it. If the concern is potentially infecting a corporate network with malware through a private connection, that could happen. However, almost every company uses antivirus software to eliminate malware before it enters the company’s systems. Infected USB drives on local machines are probably more of a risk than internet traffic overall. So, the risk of infection through split tunneling is highly unlikely.
I'm a moron. I still don't know what apps I should or shouldn't be using with a VPN
not at all! You are not alone, and this is a driving force for the edge technology discussion. Does it make sense to centralize control for everything, carrying all the traffic back to corporate to process before sending outbound? Or does it make sense to push some of that decision making out to the client-edge so security and performance can be managed closer to the source?
Would split tunneling be able to solve an issue, for example, such as being disconnected from the Exchange server in Outlook when VPN is actually instead of having to keep starting Outlook first and then connect to the VPN when it comes down to O365? Does anybody know by any chance?
Depending on your infrastructure, if O365 is your Outlook feeder, then you might not need a VPN connection at all. You could Federate the credentials through a VPN controller but not necessarily need a tunnel. Some do split-tunnel with O365 (MS Recommended) so that only traffic for the corp network goes over the tunnel while O365 goes to the appropriate cloud. You could also create application specific tunnels for things like Outlook, so that all email goes thru the tunnel and any other traffic (public, that is) would go out through your ISP.
ooh!! i forgot to sign my work... LOL
Is he really writing backwards. That’s genius
Thanks for the comment! This is how we do these: ruclips.net/video/U7E_L4wCPTc/видео.html
but how does app-based split tunnel work? like in the PIA and expressvpn apps- there u can choose specific apps to go over the vpn or not
In this instance, we have AppTunnels. This is where only a particular application, like Outlook or a CRM or RDP, etc, will get a specific encrypted tunnel only for that traffic/application. It can be configured to launch when the user clicks their app. Everything else goes thru the regular internet connection like normal. Hope that helps?
@@devcentral but how does it work? does it require a WFP callout driver? how to setup specific routing rules unique for an app?
Sorry, I should have also included these.
Manual Chapter APM: Configuring App Tunnel Access - techdocs.f5.com/en-us/bigip-15-1-0/big-ip-access-policy-manager-application-access/configuring-app-tunnel-access.html
and
Manual Chapter TMOS: Route Domains - techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-routing-administration-13-0-0/8.html
@@devcentral thx
couldn't watch because the squeaking marker was breaking me
why is there reverb on the audio lmao
Is the opposite of split-tunneling full way tunneling?
No split tunnel means everything, including Netflix, etc traffic, goes through the encrypted tunnel.
@@devcentral That's wrong. Split Tunnel means that corporate data goes through the tunnel, Netflix and other public traffic goes straight to the public internet.
@@bertvandegrift7200 we should have replied with, 'Not using split-tunnel' rather than No split tunnel since it could be taken as No, split-tunnel... :-)
The way like you make this presentation is very insecure.
huh