Reset Search



KB40340 - Support for Fully Qualified Domain Name (FQDN) Split Tunneling with Per-App VPN in Pulse Mobile for iOS 6.1.0

« Go Back


Last Modified Date10/14/2016 3:23 AM
This article provides information about the Per-App VPN feature introduced in Pulse Mobile for iOS 6.1.0 that supports fully qualified domain name split tunneling.
Problem or Goal


  • Pulse Connect Secure (PCS) device must be running 8.2R3 or higher.  
  • Pulse Mobile iOS client must be running 6.1.0 or higher.
  • Layer 4 (L4) Per-App VPN must be configured via MDM.  (L3 Per-App VPN is not supported due to Apple API limitation.)

Steps to configure L4 Per-App VPN  using split tunneling FQDN:

In PCS 8.2R3 and above, the PCS administrator can add FQDN based hosts to the allowed server list under the corresponding user role used for Per-App VPN by following these steps:
  1. Login to the admin console.
  2. Navigate to Users > (ROLE_NAME) > SAM
  3. In the WSAM Allowed Servers section, click Add Server
User-added image
  1. In the Allowed Servers(and Ports) field, enter the FQDN or host name to be tunnel via Per-App VPN.
Note: The example below shows both an IP based allowed server and an FQDN based allowed server.*
 User-added image
  1. Click Save Changes.

*Important Note: For Pulse Mobile iOS 6.1.0 and up connecting to PCS devices running versions prior to 8.2R3, it will still be necessary to use IP based SAM allowed servers as FQDN split tunneling will not be recognized and can cause Per-App VPN access to fail.  In versions prior to 8.2R3, The PCS device will evaluate the resource by reverting to the previous behavior where split tunneling configuration is only allowed by IP address defined in the allowed servers list.


Additional Notes:

With the initial release of the FQDN split tunneling feature in PCS 8.2R3 and up and Pulse Mobile for iOS 6.1.0 and up, the, PCS device only supports whitelists, which are defined as "Allow Access" server lists for layer 4 (L4) Per-App VPN configuration.  As of October 2016, blacklist, or Deny Access scenarios, are not supported, but are planned for a future release.
Related Links
Attachment 1 
Created ByK. Kitajima



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255