Split Tunneling

Split tunneling refers to a remote user or site accessing the Internet from the same machine that holds the VPN connection, without placing the Internet traffic inside the tunnel. Web browsing goes directly through the user's ISP. This exposes the system to attack because the Internet traffic is not filtered or encrypted.

Despite its security risks, split tunneling does offer performance advantages. When split tunneling is not allowed or supported, Internet-bound traffic must cross the headend's WAN link twice (in through the tunnel, then back out to the Internet). This creates considerable load on the VPN headend. One solution is to allow split tunneling but require that remote users run personal firewalls on the machines residing behind the VPN endpoint.
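
The following is an added example, not part of the original help page or of any WatchGuard product: it audits a client routing table to tell whether Internet-bound traffic bypasses the tunnel. The interface names (eth0, tun0), the route tables and the probe addresses are constructed assumptions; nothing is sent on the network.

```python
import ipaddress

# Constructed sample routing tables: (destination prefix, egress interface, metric).
# "eth0" (ISP link) and "tun0" (VPN tunnel) are assumed interface names.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "eth0", 100),        # default route goes straight to the ISP
    ("10.0.0.0/8", "tun0", 50),        # only corporate prefixes enter the tunnel
    ("192.168.1.0/24", "eth0", 100),   # local LAN
]
FULL_TUNNEL = [
    ("0.0.0.0/0", "eth0", 100),        # original default route is still listed...
    ("0.0.0.0/1", "tun0", 50),         # ...but two more-specific halves override it
    ("128.0.0.0/1", "tun0", 50),
    ("203.0.113.10/32", "eth0", 100),  # host route to the VPN headend itself
    ("192.168.1.0/24", "eth0", 100),
]

# Sample public destinations, one in each half of the IPv4 space (lookup only).
PROBES = ["1.1.1.1", "198.51.100.7"]


def egress_interface(routes, destination):
    """Pick the route a host would use: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            key = (net.prefixlen, -metric)
            if best is None or key > best[0]:
                best = (key, iface)
    return best[1] if best else None


def split_tunnel_exposure(routes, tunnel_iface, probes=PROBES):
    """Return the probe addresses that would leave the host outside the tunnel."""
    return [p for p in probes
            if egress_interface(routes, p) not in (tunnel_iface, None)]


if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        print(name, "tunnel bypass for:", split_tunnel_exposure(table, "tun0"))
```

A default route that still points at the ISP interface is not proof of split tunneling on its own; the full-tunnel table above keeps that route but overrides it with two /1 routes, which is why the check resolves each probe by longest-prefix match.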

Related topics:

Network Topology

Access Control

IP Addressing

Selecting an Authentication Method

Selecting an Encryption and Data Integrity Method

Copyright © 1996 - 2003 WatchGuard Technologies, Inc. All rights reserved.