KB40595 - Whitelisting and Blacklisting of Fully Qualified Domain Name (FQDN) based split-tunneling for Per-App VPN for Pulse Mobile for iOS.

This article describes the new enhancement of whitelisting and blacklisting of FQDN based split tunneling for per-App VPN for Pulse Mobile iOS client.

 

This is a new feature introduced in PCS version 8.3R1 and Pulse Mobile iOS version 6.3.0 and above. Both client and server needs to be on correct supported version of 6.3.0 or above and 8.3R1 or above respectively to use this feature.

The key element of the whitelisting and blacklisting of FQDN based split-tunneling are:

• Admin can configure individual servers under WSAM Destinations to ALLOW/DENY the traffic
• Admin can configure WSAM Destinations for Whitelist as a subset of Blacklist 
• Admin can configure WSAM Destinations for Blacklist as a subset of Whitelist
• Admin can set default action as either ALLOW/DENY for the destinations that do not match any of the WSAM servers.
• Order of the servers defined is important and rules are evaluated in the order they are defined in the list.
• Wild card characters * and ? are allowed to configure WSAM destinations. * matches multiple characters and ? matches any single character

To configure, please perform the following steps:

1. Login to admin console
2. Navigate to Users > Roles > 'Select the Role' > Secure Application Manager > Applications > WSAM Destination 
3. Under WSAM Destination, click Add Server
4. In the Destinations Servers(and ports), enter the FQDN and the port
5. Click the radio button for Allow or Deny

Note:  Administrator can configure the WSAM destination servers using WSAM Destination resource profiles. The action for these resources will be set to ALLOW automatically. Also, these WSAM destinations will show up on Windows client UI but won't have any functional effect. This feature only applies for Pulse Mobile iOS client for per-APP VPN only.