In 9.1R13 and prior, the Split Tunnel Network limit is 256.
In 9.1R14 and 9.1R15, the Split Tunnel Network limit is 512 for each category of resources viz., IPv4 (512), IPv6 (512) & FQDN (512).
In 9.1R16 and above, the Split Tunnel Network limit is 1024 for each category of resources viz., IPv4 (1024), IPv6 (1024) & FQDN (1024).
If a Tunnel exceeds this limit, the Pulse Secure Desktop client will fail to connect (With the below message in the Event logs) until the split tunnel routes are reduced.
- Both PCS & PDC needs to be upgraded to avail of this benefit.
- iOS does not support FQDN ST due to its OS limitations.
Failed to set Split-Tunneling networks for user XXXXX. There can only be up to a maximum
of XXX split-tunneling routes applied per VPN tunnel.
The impact of this message is limited to the specific user who exceeds this limit.
How to reduce the number of split tunnel routes?
The total number of split tunnel routes is calculated by the total number of split tunnel routes for each assigned user role. For example, user A is assigned may be assigned to multiple roles.
If user A is assigned to all 3 roles, the total split tunnel routes would be 45 split tunnel routes. If user A is assigned to ROLE A and ROLE B, then the total split tunnel routes would be 35 split tunnel routes. The administrator should evaluate all user roles the problematic end user is assigned to and consolidate individual split tunnel routes and ports by ranges or eliminate duplicate or unnecessary routes.
- ROLE A (15 split tunnel routes)
- ROLE B (20 split tunnel routes)
- ROLE C (10 split tunnel routes)
192.168.1.2, 192.168.1.3, 192.168.1.4 can be converted to 192.168.1.2-192.168.1.4