Split VPN tunnel
This graphic shows ETP Client on a network with a split VPN tunnel. This scenario allows end users to securely access resources on a corporate and visited network, while also accessing the Internet through an existing local Internet breakout.
- Requests are directed to ETP DNS. If DNS over TLS is enabled, requests are encrypted with TLS.
- If a threat is detected, ETP Client handles the request based on the policy configuration. For example, if a threat category is assigned the block action with a refused response as the response to users, the request is blocked and a browser-specific error page appears.
- If no threat is detected, requests are directed to the VPN. Through the VPN, requests are forwarded to the corporate DNS resolver. If requests are not resolved by the corporate DNS resolver, they are resolved by ETP.