Forum Discussion

Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Jun 15, 2021

F5 APM split tunnel based on application process?

Hello to All,

 

 

Can F5 Edge Client and F5 APM do split tunnel based on the application processes that run run on a computer. For Example doing a split tunnel for the zoom application, as we do in the Palo Alto Globalprotect VPN solution, as they have too many IP addresses that dynamically change and may cause the issie in https://support.f5.com/csp/article/K91493443 ?

 

 

 

 

 

I know that the F5 can do split tunel based on DNS FQDN even with using wildcard like * or IP address but I don't know about using an application process.

APM
application delivery
security
vpn

2 Replies

Sort By
  • Dave_W's avatar
    Dave_W
    Icon for Employee rankEmployee
    Jun 17, 2021

    Hello, no you can't do split tunneling or routing based off process or application. What about using the Exclude Address Space in Network Access:

     

    https://support.f5.com/csp/article/K92105136

    • Nikoolayy1's avatar
      Nikoolayy1
      Icon for MVP rankMVP
      Jun 21, 2021

      Thanks for the reply but I already know about split tunnel based on ip address or FQDN. I wanted to know if there is application split tunnel in the newer versions or plans to add this feature as I mentioned I think that for applications like zoom with many dynamic ip address spaces the ip addreess or fqdn spit dns sometimes misses to send the traffic in the split tunnel and this why article K91493443.

       

       

      Similar issue is seen for Palo Alto named "GlobalProtect Split-Tunnel - Some Clients get Invalid Address Errors to Excluded Domains" but there you can use an application process to exclude the application traffic from the split tunnel.

       

       

      I think the two issues are the same.