Configure split tunneling 编辑

Configure split tunneling

You can enable split tunneling to prevent the Citrix Gateway plug-in from sending unnecessary network traffic to Citrix Gateway.

When you do not enable split tunneling, the Citrix Gateway plug-in captures all network traffic originating from a user device and sends the traffic through the VPN tunnel to Citrix Gateway.

If you enable split tunneling, the Citrix Gateway plug-in sends only traffic destined for networks protected by Citrix Gateway through the VPN tunnel. The Citrix Gateway plug-in does not send network traffic destined for unprotected networks to Citrix Gateway.

When the Citrix Gateway plug-in starts, it obtains the list of intranet applications from Citrix Gateway. The Citrix Gateway plug-in examines all packets transmitted on the network from the user device and compares the addresses within the packets to the list of intranet applications. If the destination address in the packet is within one of the intranet applications, the Citrix Gateway plug-in sends the packet through the VPN tunnel to Citrix Gateway. If the destination address is not in a defined intranet application, the packet is not encrypted and the user device routes the packet appropriately. When you enable split tunneling, intranet applications define the network traffic that is intercepted.

Note:

If users connect to published applications in a server farm by using Citrix Workspace app, you do not need to configure split tunneling.

Citrix Gateway also supports reverse split tunneling, which defines the network traffic that Citrix Gateway does not intercept. If you set split tunneling to reverse, intranet applications define the network traffic that Citrix Gateway does not intercept. When you enable reverse split tunneling, all network traffic directed to internal IP addresses bypasses the VPN tunnel, while other traffic goes through Citrix Gateway. Reverse split tunneling can be used to log all non-local LAN traffic. For example, if users have a home wireless network and are logged on with the Citrix Gateway plug-in, Citrix Gateway does not intercept network traffic destined to a printer or another device within the wireless network.

For more information about intranet applications, see Configuring Client Interception.

You configure split tunneling as part of the session policy.

To configure split tunneling

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand Citrix Gateway Policies and then click Session.
  2. In the details pane, on the Profiles tab, select a profile and then click Open.
  3. On the Client Experience tab, next to Split Tunnel, select Global Override, select an option and then click OK twice.

Configuring Split Tunneling and Authorization

When planning your Citrix Gateway deployment, it is important to consider split tunneling and the default authorization action and authorization policies.

For example, you have an authorization policy that allows access to a network resource. You have split tunneling set to ON and you do not configure intranet applications to send network traffic through Citrix Gateway. When Citrix Gateway has this type of configuration, access to the resource is allowed, but users cannot access the resource.

If the authorization policy denies access to a network resource, you have split tunneling set to ON, and intranet applications are configured to route network traffic through Citrix Gateway, the Citrix Gateway plug-in sends traffic to Citrix Gateway, but access to the resource is denied.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:85 次

字数:4205

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文