Internet Access Options for Mobile VPN Users
For all types of Mobile VPN, you have two options for Internet access for your Mobile VPN users:
Force all client traffic through tunnel (default-route VPN)
The most secure option is to require that all remote user Internet traffic is routed through the VPN tunnel to the Firebox. Then, the traffic is sent back out to the Internet. With this configuration (known as default-route VPN), the Firebox is able to examine all traffic and provide increased security, although it uses more processing power and bandwidth.
Allow direct access to the Internet (split tunnel VPN)
Another configuration option is to enable split tunneling. With this option, your users can browse the Internet, but Internet traffic is not sent through the VPN tunnel. Split tunneling improves network performance, but decreases security because the policies you create are not applied to the Internet traffic. If you use split tunneling, we recommend that each client computer have a software firewall.
For information about how to configure these options for each type of Mobile VPN, see: