You have two options for Internet access for your Mobile VPN users:
Default-route (full tunnel)
Default-route is the most secure option because it routes all Internet traffic from a remote user through the VPN tunnel to the Firebox. Then, the traffic is sent back out to the Internet. With this configuration, the Firebox can examine all traffic and provide increased security. Be aware that this option requires more processing power and bandwidth.
Default-route is the default option for all mobile VPN types on the Firebox.
If you require split tunneling, we recommend that you use Mobile VPN with SSL. For information about Mobile VPN with SSL and split tunneling, see Options for Internet Access Through a Mobile VPN with SSL Tunnel.
You can also configure Mobile VPN with IPSec for split tunneling. For more information, see Options for Internet Access Through a Mobile VPN with IPSec Tunnel and Configure the Firebox for Mobile VPN with IPSec.
The Firebox supports connections from Mobile VPN with IKEv2 and Mobile VPN with L2TP clients configured for split tunneling. However, you must manually configure IKEv2 and L2TP clients for split tunneling. For example, you must manually add routes on the client computer for each remote network that you require access to. We do not provide customer support for split tunnel configurations on IKEv2 and L2TP clients. See the documentation provided by your VPN client vendor.
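The manual client-side routing described above, as an added example that is not WatchGuard's own procedure: it assumes the Windows built-in VPN client with an existing IKEv2 profile, and the profile name and network prefixes are placeholders. With split tunneling enabled, only traffic to the listed prefixes reaches the Firebox for inspection.

```powershell
# Added example, not from the original page. Assumes the Windows built-in
# VPN client and an IKEv2 profile that already exists on this computer.
$ConnectionName = 'Firebox-IKEv2'                    # hypothetical profile name
$RemoteNetworks = @('10.0.10.0/24', '10.0.20.0/24')  # constructed sample networks behind the Firebox

# Stop if the profile does not exist, so no routes are added to the wrong place.
$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop

# SplitTunneling = $false is the default-route (full tunnel) behaviour.
# Enabling it means Internet traffic no longer passes through the Firebox.
if (-not $vpn.SplitTunneling) {
    Set-VpnConnection -Name $ConnectionName -SplitTunneling $true
}

# Add one route per remote network, skipping prefixes already on the profile.
$existing = @($vpn.Routes | ForEach-Object { $_.DestinationPrefix })
foreach ($prefix in $RemoteNetworks) {
    if ($existing -notcontains $prefix) {
        Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix
    }
}

# Review the result: every network that must be reached through the tunnel
# should be listed; anything not listed goes out the local Internet link.
Get-VpnConnection -Name $ConnectionName |
    Select-Object Name, SplitTunneling,
        @{ n = 'Routes'; e = { $_.Routes.DestinationPrefix -join ', ' } }
```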
For information about how to configure these options for each type of Mobile VPN, see: