The key elements of whitelisting and blacklisting in FQDN-based split tunneling are:
- Admin can configure individual servers under WSAM Destinations to ALLOW/DENY the traffic
- Admin can configure WSAM Destinations for Whitelist as a subset of Blacklist
- Admin can configure WSAM Destinations for Blacklist as a subset of Whitelist
- Admin can set the default action to either ALLOW or DENY for destinations that do not match any of the WSAM servers.
- The order in which the servers are defined is important: rules are evaluated in the order they are defined in the list.
- The wildcard characters * and ? are allowed when configuring WSAM destinations. * matches multiple characters and ? matches any single character.
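The ordered, first-match evaluation with * and ? wildcards and a default action, as described in the list above, written as an added Python sketch (not Pulse Secure code). The Rule layout, case-insensitive matching, * spanning dots, and None meaning "any port" are assumptions of this example, and the hostnames are constructed.

```python
import re
from typing import NamedTuple, Optional

ALLOW, DENY = "ALLOW", "DENY"

class Rule(NamedTuple):
    pattern: str         # FQDN, may contain * and ?
    port: Optional[int]  # None = any port (assumption of this sketch)
    action: str          # ALLOW or DENY

def to_regex(pattern):
    # Only * and ? are special; every other character, dots included, is literal.
    parts = []
    for ch in pattern.lower():
        if ch == "*":
            parts.append(".*")   # assumption: * may be empty and may span dots
        elif ch == "?":
            parts.append(".")    # exactly one character
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))

def evaluate(rules, default_action, fqdn, port):
    """First matching rule wins; returns (action, rule index or None for default)."""
    host = fqdn.rstrip(".").lower()
    for i, rule in enumerate(rules):
        if rule.port in (None, port) and to_regex(rule.pattern).fullmatch(host):
            return rule.action, i
    return default_action, None

def shadowed(rules):
    """(rule, earlier rule) index pairs where a wildcard-free rule can never fire."""
    found = []
    for i, r in enumerate(rules):
        if "*" in r.pattern or "?" in r.pattern:
            continue
        for j, earlier in enumerate(rules[:i]):
            if earlier.port in (None, r.port) and to_regex(earlier.pattern).fullmatch(r.pattern.lower()):
                found.append((i, j))
                break
    return found

# Constructed rule lists: a DENY exception inside an ALLOW wildcard, in both orders.
DENY_INSIDE_ALLOW = [Rule("hr.corp.example.com", 443, DENY),
                     Rule("*.corp.example.com", 443, ALLOW)]
WRONG_ORDER = list(reversed(DENY_INSIDE_ALLOW))

if __name__ == "__main__":
    print(evaluate(DENY_INSIDE_ALLOW, DENY, "hr.corp.example.com", 443))
    print(evaluate(WRONG_ORDER, DENY, "hr.corp.example.com", 443), shadowed(WRONG_ORDER))
```

With the wildcard listed first, the specific DENY entry is never reached, which is what `shadowed` reports; reviewing a destination list for such pairs before saving it catches ordering mistakes.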
To configure, please perform the following steps:
- Log in to the admin console
- Navigate to Users > Roles > 'Select the Role' > Secure Application Manager > Applications > WSAM Destination
- Under WSAM Destination, click Add Server
- Under Destinations Servers (and ports), enter the FQDN and the port
- Click the radio button for Allow or Deny
Note: The administrator can configure the WSAM destination servers using WSAM Destination resource profiles. The action for these resources will be set to ALLOW automatically. Also, these WSAM destinations will show up in the Windows client UI but won't have any functional effect. This feature applies only to the Pulse Mobile iOS client, for per-app VPN.