Reset Search
 

 

Article

KB40596 - Client and Server Versions Compatibility for Whitelisting and Blacklisting of FQDN based split-tunneling

« Go Back

Information

 
Last Modified Date5/1/2017 2:53 PM
Synopsis
This article describes the behavior when either client / server compatibility for whitelisting and blacklisting of FQDN based split-tunneling is supported in PCS version 8.3R1 and above and Pulse Mobile iOS version 6.3.0 and above.
Problem or Goal
Cause
Solution

Pulse Mobile for iOS 6.3 and above with PCS 8.2RX and below:

This example is a supported client and a unsupported server.  In this scenario, the PCS device will only support whitelisted domains since there is no option to add blacklisted domains in 8.2RX and below. 
  • If WSAM allowed servers are NOT configured (Server list is empty), then all the traffic is tunneled.
  • If destination matches WSAM allowed server in list, then traffic of that server is tunneled.
  • If destination does not match any of the server in the WSAM allowed servers, then the traffic is not tunneled.


Pulse Mobile for iOS 6.2 and below with PCS 8.3R1 and above:

This example is a unsupported client and a supported server.  In this scenario, the PCS device will support whitelisted and blacklisted domains, but the client will be unable to understand the blacklisted domain.
 
  • If servers are defined to ALLOW, then traffic of that server is tunneled.
  • If servers are defined to DENY, then none of the blacklist will match since old client does not understand blacklist
  • Example-1: If admin defines DENY action to test.pulsesecure.net and no other servers are defined, then the traffic of test.pulsesecure.net is tunneled. 
  • Example-2: If admin defines DENY to test.pulsesecure.net and ALLOW to login.pulsesecure.net then login.pulsesecure.net traffic is tunneled and test.pulsesecure.net traffic is not tunneled. This behavior is because old client does not understand blacklisting and denies the traffic of all the servers except allowed servers in the list
  • If the default action is set to ALLOW for the servers not defined in the list, then everything is tunneled.
  • If the default action is set to DENY for the servers not defined in the list, then NOTHING is tunneled.
Related Links
Attachment 1 
Created ByDeep Ravjibhai Patel

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255