Split VPN tunnel

This graphic shows ETP Client on a network with a split VPN tunnel. In this scenario, end users can securely access resources on a corporate network and on a visited network, while also accessing the Internet through an existing local Internet breakout.

Note: To configure a split VPN tunnel, you must configure your VPN to allow connections to the localhost (127.0.0.1). See the documentation of your VPN application for more information.

Figure: ETP Client in a network with a split VPN tunnel

These steps apply:
  1. Requests are directed to ETP DNS. If DNS over TLS is enabled, requests are encrypted with TLS.
  2. If a threat is detected, ETP Client handles the request based on the policy configuration. For example, if a threat category is assigned the block action and a refused response is configured as the response to users, the request is blocked and a browser-specific error page appears.
  3. If no threat is detected, requests are directed to the VPN. Through the VPN, requests are forwarded to the corporate DNS resolver. If requests are not resolved by the corporate DNS resolver, they are resolved by ETP.