Understand the definition, benefits, and risks of VPN split tunneling.
Download VPN software Speak with an Expert
Definition
Benefits
Security Risks
How Fortinet Can Help
FAQs
VPN Split Tunneling Definition
Virtual private network (VPN) split tunneling lets you route some of your application or device traffic through an encrypted VPN, while other applications or devices have direct access to the internet. This is particularly useful if you want to benefit from services that perform best when your location is known while also enjoying secure access to potentially sensitive communications and data.
It is important to keep in mind the security risks (more on these later) when considering this option.
Virtual Private Network (VPN)
A VPN provides users with a secure tunnel through which all data traveling to and from their device is encrypted. This allows them to enjoy secure remote access and protected file sharing while also being able to mask their location if they choose to do so.
However, with a VPN, you may experience slower network speed and bandwidth issues because of the encryption that has to be applied to all data traveling through it.
Choose which traffic goes through the VPN
With a VPN split tunnel connection, users can send some of their internet traffic via an encrypted VPN connection and allow the rest to travel through a different tunnel on the open internet. The default setting of a VPN is to route 100% of internet traffic through the VPN, but if you want to access local devices or obtain higher speeds while encrypting specific data, consider using split tunneling.
Benefits of VPN Split Tunneling
VPN split tunneling may not be a good fit for all organizations, but you have the option of turning it on when you set up your VPN. Many organizations with VPNs have bandwidth restrictions, particularly because the VPN has to both encrypt data and send it to a server in a different location. This can result in performance issues if split tunneling is not implemented.
Conserve bandwidth
When split tunneling is enabled, traffic that would have been encrypted by the VPN, which is likely to transmit more slowly, is sent through the other tunnel. Routing traffic through a public network can enhance performance because no encryption is necessary.
Provide a secure connection for remote workers
Remote employees can benefit from a secure network connection through the VPN that provides them with encrypted access to sensitive files and email. At the same time, they can access other internet resources through their internet service provider (ISP) at higher speeds.
Work on a local-area-network (LAN)
When you connect to a VPN, encryption may block access to your LAN. With split tunneling, you can still access local resources like printers through your LAN while benefiting from the security of the VPN.
Stream content without using foreign IP addresses
Stream content while traveling abroad and enjoy web services that depend on you having a local Internet Protocol (IP) address. You can use the VPN to connect to content in your home country, and with the split tunneling feature enabled, you can get the most out of websites and search engines that work best when they know your location.
What Are the VPN Split Tunneling Security Risks?
There are risks to using VPN split tunneling, and these must be weighed against the benefits. Those in charge of information security in corporate environments use defensive technology to protect endpoints and stop users from carrying out certain tasks, whether intentionally or by accident.
Traditionally, users can circumvent proxy servers and other devices, which are put in place to regulate and protect network usage. Therefore, if a user is working from a network that is not secure, they can put the organization’s network at risk. If a hacker is able to compromise the network the user is working from by means of split tunneling, the hacker may be able to put the rest of the organization’s network in jeopardy as well. As long as a company computer is compromised, the organization’s network remains at risk too.
Users may also bypass the Domain Name Systems (DNS), which aids in identifying and repelling intruders, devices that prevent data loss, as well as other devices and systems. Each of these devices or systems plays a significant role in protecting data and communication. So circumventing any of them just to reduce traffic or increase performance may not be advantageous.
One function of proxy servers is to limit traffic to websites of a questionable nature or reputation. They also allow organizations to keep track of what their employees are doing or accessing. Additionally, proxies offer protection to corporate endpoints by preventing communication with command-and-control (C&C) servers manned by hackers. Another benefit is to monitor traffic and regulate it. An example are proxies that limit or prevent access to sites like Spotify, YouTube, or Netflix, which stream music, movies, and other forms of entertainment.
If an employee’s system is infected, the data it sends to C&C systems in a split tunneling setup will not be visible to corporate IT. While the device or network is compromised and in communication with the invading system, the user may spend their time accessing disreputable sites on company time. And because split tunneling is enabled, the organization is unaware of the security risk or the loss of employee productivity.
How Fortinet Can Help?
In today’s rapidly evolving cybersecurity environment, VPN alone may not be enough to secure sensitive data and keep your organization’s network safe. Whether users are in the office, at home, or on the road, they need consistent and secure access to applications in the cloud, data center, and SaaS platforms.
Fortinet helps organizations to secure and connect their work-from-anywhere employees and devices to critical applications and resources. Fortinet Universal ZTNA is a robust security solution that offers businesses flexibility, granular access control, and ongoing verification. It enables policies to be enforced for users regardless of location. With granular access control, access is granted to specific applications only for that session, providing better security. With the client-initiated model, the IT team has more visibility and control of the endpoint while providing users with a faster, easier experience. Universal ZTNA requires no additional licenses and is a free feature in FortiOS and FortiClient, allowing customers to shift from VPN to ZTNA at their own pace. With Fortinet’s added flexibility, you don’t need to choose exclusively between VPN or ZTNA; you can adapt to the solution that’s right for you.
Because of continual movement between on-premises, home network, and public network environments, zero trust, endpoint, and network security must be connected through a centralized security and management framework. Solutions unified by a common set of APIs and integration points ensure users can seamlessly shift from one location to another, enjoying a consistent user experience that is appropriately protected with contextual security. Fortinet is the only vendor capable of delivering this unified approach, enabling proactive, integrated, and context-aware security that automatically adapts to where users are, what device they are using, and what resources they are accessing.
Using a broad portfolio of zero trust, endpoint, and network security solutions within the Fortinet Security Fabric, Fortinet can deliver security, services, and threat intelligence that can automatically follow users across distributed networks. The Security Fabric can also adjust enforcement to the perceived risk of every interaction—whether on the road, at home, or in the office to enable consistent enterprise-grade protection and enhance productivity end-to-end.
Learn moreabout how Fortinet ZTNA improves secure access to applications anywhere, for remote users.
VPN Split Tunneling FAQs
What is VPN split tunneling?
Virtual private network (VPN) split tunneling lets you route some of your application or device traffic through an encrypted VPN, while other applications or devices have direct access to the internet.
Can you choose which traffic goes through a VPN split tunnel?
Virtual private network (VPN) split tunneling lets you route some of your application or device traffic through an encrypted VPN, while other applications or devices have direct access to the internet.
What are the benefits of using a VPN split tunnel?
Many organizations with VPNs have bandwidth restrictions, particularly because the VPN has to both encrypt data and send it to a server in a different location. This can result in performance issues if split tunneling is not implemented.
Please fill out the form and a knowledgeable representative will get in touch with you soon.