You can enable
tunneling to prevent the NetScaler Gateway Plug-in from sending
unnecessary network traffic to NetScaler Gateway.
When you do not
enable split tunneling, the NetScaler Gateway Plug-in captures all network
traffic originating from a user device and sends the traffic through the VPN
tunnel to NetScaler Gateway.
If you enable
split tunneling, the NetScaler Gateway Plug-in sends only traffic destined for
networks protected by NetScaler Gateway through the VPN tunnel. The NetScaler
Gateway Plug-in does not send network traffic destined for unprotected networks
to NetScaler Gateway.
When the NetScaler
Gateway Plug-in starts, it obtains the list of intranet applications from
NetScaler Gateway. The NetScaler Gateway Plug-in examines all packets
transmitted on the network from the user device and compares the addresses
within the packets to the list of intranet applications. If the destination
address in the packet is within one of the intranet applications, the NetScaler
Gateway Plug-in sends the packet through the VPN tunnel to NetScaler Gateway.
If the destination address is not in a defined intranet application, the packet
is not encrypted and the user device routes the packet appropriately. When you
enable split tunneling, intranet applications define the network traffic that
Note: If users
connect to published applications in a server farm by using Citrix Receiver,
you do not need to configure split tunneling.
also supports reverse split tunneling, which defines the network traffic that
NetScaler Gateway does not intercept. If you set split tunneling to reverse,
intranet applications define the network traffic that NetScaler Gateway does
not intercept. When you enable reverse split tunneling, all network traffic
directed to internal IP addresses bypasses the VPN tunnel, while other traffic
goes through NetScaler Gateway. Reverse split tunneling can be used to log all
non-local LAN traffic. For example, if users have a home wireless network and
are logged on with the NetScaler Gateway Plug-in, NetScaler Gateway does not
intercept network traffic destined to a printer or another device within the
information about intranet applications, see
Configuring Client Interception.
split tunneling as part of the session policy.