Security

last person joined: 7 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Implementing Split Tunnel Mode with the VIA Client

This thread has been viewed 3 times

  • 1.  Implementing Split Tunnel Mode with the VIA Client

    Posted Mar 23, 2020 06:12 AM

    Hello,

     

    We have the following set up.

     

    A cluster of 3 Aruba 7210 Controllers running ArubaOS 8.6.0.

     

    We run VIA clients 3.2.* and would like to run Split-tunnel mode for VIA connections, so only traffic into corporate network is tunnelled to the Controller, and all other traffic to other destinations go directly to those external hosts.

    I would be grateful if anyone can point me in the right direction, how one would be able to achieve this with the above setup?

     

    Thank you in anticipation.

     

    Kind regards PM.



  • 2.  RE: Implementing Split Tunnel Mode with the VIA Client

    MVP EXPERT


  • 3.  RE: Implementing Split Tunnel Mode with the VIA Client

    Posted Mar 23, 2020 08:53 AM

    Thank you Craig, this seems to contain information on how I should go about solving my need.

     

    I will give it a shot during the course of the next few days.

     

    Kind regards

    PM



  • 4.  RE: Implementing Split Tunnel Mode with the VIA Client

    Posted Mar 24, 2020 06:28 AM

    Hello,

     

    Thanks once again Craig, I have now got the VIA client to work with Split Tunnel Mode. But I had to delete the VIA profile, then download it, to effect the change.

     

    I am wondering if there is any way of pushing out the change to all the 100+ VIA users. Getting them to do the same would be a major support job. Perhaps shooting out an upgrade of VIA clients would solve this?

     

    Kind regards

    PM

     

     



  • 5.  RE: Implementing Split Tunnel Mode with the VIA Client

    MVP EXPERT
    Posted Mar 24, 2020 06:38 AM

    Potentially, without seeing the issue first hand or the logs its difficult to determine what caused the issue. You can certainly upgrade an effected client and see if this resolves it. Probably easier to upgrade the client via GPO then perform the profile deletion.



  • 6.  RE: Implementing Split Tunnel Mode with the VIA Client

    EMPLOYEE
    Posted Mar 26, 2020 05:41 AM

    This is what I got from engineering:

     

    "Profile refresh happens on disconnect and connect. In iOS and Mac versions of VIA, profile refresh happens immediately on VIA disconnect and connect. In windows, User has to disconnect and connect twice (This is by design).

    Please note, In android we have a known limitation and profile refresh is not supported in the current available version of VIA." - a.k.a. You would have to forget and then download the VIA profile for android for this to work.



  • 7.  RE: Implementing Split Tunnel Mode with the VIA Client

    Posted Apr 09, 2020 06:01 PM

    Just a side note.  Most security profiles frown upon split tunneling.  Use wisely.



  • 8.  RE: Implementing Split Tunnel Mode with the VIA Client

    EMPLOYEE
    Posted Apr 10, 2020 09:32 AM

    Unless you know what all companies are doing, that is not true.



  • 9.  RE: Implementing Split Tunnel Mode with the VIA Client

    Posted Apr 10, 2020 09:43 AM

    Just trying to point out to use it with care.  I do want to say, thank you for the input you have had on so many posts.  Extremely helpful.