FQDN ACL Process Spikes To 100% When Split Tunneling Is Enabled
This article describes an issue where certain customers who have Split Tunneling enabled will see a process spike to 100% for Fully Qualified Domain Name Access Control List (FQDN ACL).
Problem or Goal
Customers who have Split Tunneling enabled, observe that the FQDN ACL process spikes to 100% and sometimes crashes resulting in temporary DNS response delays.
Note: If split tunneling is not being utilized these service crashes can be ignored.
Cause
The FQDN ACL functionality is enabled by default when a customer upgrades Pulse Client Secure (PCS) from version 8.3. As of version 9.0R1, by default, all DNS packets will be processed by FQDN ACL and NFQUEUE.
Solution
This is a known issue and a solution to allow customers to turn the FQDN ACL feature OFF has been included in the 9.1R7 release.
Note: This setting can be found under System > Configuration > VPN Tunneling.