SD-WAN

We are implementing VIA for one of my customers and they had a question about using policy for split tunnel rules.  In the GUI, it appears that you can only use network IDs to determine whether or not traffic will go directly out the Internet or through the VIA VPN tunnel to the VPNC.  They would like to have all traffic going through the tunnel except for things like Microsoft updates and O365.  All normal website traffic would go through the VPN tunnel.   Based on the output below, it doesn't look like what they are asking for is possible, but I wanted to ask to be sure.

you need to first enable split-tunneling which is by default disabled.

its under L3 Authentication->VIA connection->new-profile

We are implementing VIA for one of my customers and they had a question about using policy for split tunnel rules.  In the GUI, it appears that you can only use network IDs to determine whether or not traffic will go directly out the Internet or through the VIA VPN tunnel to the VPNC.  They would like to have all traffic going through the tunnel except for things like Microsoft updates and O365.  All normal website traffic would go through the VPN tunnel.   Based on the output below, it doesn't look like what they are asking for is possible, but I wanted to ask to be sure.

Yes, I'm aware that split tunnelling needs to be enabled.  After enabling split tunnelling, is it possible to apply policies as asked in my original post, or are the rules solely network segment based?

you need to first enable split-tunneling which is by default disabled.

its under L3 Authentication->VIA connection->new-profile

We are implementing VIA for one of my customers and they had a question about using policy for split tunnel rules.  In the GUI, it appears that you can only use network IDs to determine whether or not traffic will go directly out the Internet or through the VIA VPN tunnel to the VPNC.  They would like to have all traffic going through the tunnel except for things like Microsoft updates and O365.  All normal website traffic would go through the VPN tunnel.   Based on the output below, it doesn't look like what they are asking for is possible, but I wanted to ask to be sure.

Yes, I'm aware that split tunnelling needs to be enabled.  After enabling split tunnelling, is it possible to apply policies as asked in my original post, or are the rules solely network segment based?

you need to first enable split-tunneling which is by default disabled.

its under L3 Authentication->VIA connection->new-profile

We are implementing VIA for one of my customers and they had a question about using policy for split tunnel rules.  In the GUI, it appears that you can only use network IDs to determine whether or not traffic will go directly out the Internet or through the VIA VPN tunnel to the VPNC.  They would like to have all traffic going through the tunnel except for things like Microsoft updates and O365.  All normal website traffic would go through the VPN tunnel.   Based on the output below, it doesn't look like what they are asking for is possible, but I wanted to ask to be sure.

Split tunneling in VIA is network based, not application based.

Once the traffic is tunneled to a gateway you can apply application based policies, but unless you know the IP addresses for Office 365 and Windows Update, I don't see a way to send that direct, while tunneling other traffic.

You may have a look at the HPE Aruba Networking SSE product for a more modern approach.

Yes, I'm aware that split tunnelling needs to be enabled.  After enabling split tunnelling, is it possible to apply policies as asked in my original post, or are the rules solely network segment based?

you need to first enable split-tunneling which is by default disabled.

its under L3 Authentication->VIA connection->new-profile

We are implementing VIA for one of my customers and they had a question about using policy for split tunnel rules.  In the GUI, it appears that you can only use network IDs to determine whether or not traffic will go directly out the Internet or through the VIA VPN tunnel to the VPNC.  They would like to have all traffic going through the tunnel except for things like Microsoft updates and O365.  All normal website traffic would go through the VPN tunnel.   Based on the output below, it doesn't look like what they are asking for is possible, but I wanted to ask to be sure.