What is VPN Split Tunneling? | Fortinet (2024)

Virtual private network (VPN) split tunneling lets you route some of your application or device traffic through an encrypted VPN, while other applications or devices have direct access to the internet. This is particularly useful if you want to benefit from services that perform best when your location is known while also enjoying secure access to potentially sensitive communications and data.

It is important to keep in mind the security risks (more on these later) when considering this option.

A VPN provides users with a secure tunnel through which all data traveling to and from their device is encrypted. This allows them to enjoy secure remote access and protected file sharing while also being able to mask their location if they choose to do so.

However, with a VPN, you may experience slower network speed and bandwidth issues because of the encryption that has to be applied to all data traveling through it.

Stream content while traveling abroad and enjoy web services that depend on you having a local Internet Protocol (IP) address. You can use the VPN to connect to content in your home country, and with the split tunneling feature enabled, you can get the most out of websites and search engines that work best when they know your location.

There are risks to using VPN split tunneling, and these must be weighed against the benefits. Those in charge of information security in corporate environments use defensive technology to protect endpoints and stop users from carrying out certain tasks, whether intentionally or by accident.

Traditionally, users can circumvent proxy servers and other devices, which are put in place to regulate and protect network usage. Therefore, if a user is working from a network that is not secure, they can put the organization’s network at risk. If a hacker is able to compromise the network the user is working from by means of split tunneling, the hacker may be able to put the rest of the organization’s network in jeopardy as well. As long as a company computer is compromised, the organization’s network remains at risk too.

Users may also bypass the Domain Name Systems (DNS), which aids in identifying and repelling intruders, devices that prevent data loss, as well as other devices and systems. Each of these devices or systems plays a significant role in protecting data and communication. So circumventing any of them just to reduce traffic or increase performance may not be advantageous.

One function of proxy servers is to limit traffic to websites of a questionable nature or reputation. They also allow organizations to keep track of what their employees are doing or accessing. Additionally, proxies offer protection to corporate endpoints by preventing communication with command-and-control (C&C) servers manned by hackers. Another benefit is to monitor traffic and regulate it. An example are proxies that limit or prevent access to sites like Spotify, YouTube, or Netflix, which stream music, movies, and other forms of entertainment.

If an employee’s system is infected, the data it sends to C&C systems in a split tunneling setup will not be visible to corporate IT. While the device or network is compromised and in communication with the invading system, the user may spend their time accessing disreputable sites on company time. And because split tunneling is enabled, the organization is unaware of the security risk or the loss of employee productivity.

In today’s rapidly evolving cybersecurity environment, VPN alone may not be enough to secure sensitive data and keep your organization’s network safe. Whether users are in the office, at home, or on the road, they need consistent and secure access to applications in the cloud, data center, and SaaS platforms.

Fortinet helps organizations to secure and connect their work-from-anywhere employees and devices to critical applications and resources. Fortinet Universal ZTNA is a robust security solution that offers businesses flexibility, granular access control, and ongoing verification. It enables policies to be enforced for users regardless of location. With granular access control, access is granted to specific applications only for that session, providing better security. With the client-initiated model, the IT team has more visibility and control of the endpoint while providing users with a faster, easier experience. Universal ZTNA requires no additional licenses and is a free feature in FortiOS and FortiClient, allowing customers to shift from VPN to ZTNA at their own pace. With Fortinet’s added flexibility, you don’t need to choose exclusively between VPN or ZTNA; you can adapt to the solution that’s right for you.

Because of continual movement between on-premises, home network, and public network environments, zero trust, endpoint, and network security must be connected through a centralized security and management framework. Solutions unified by a common set of APIs and integration points ensure users can seamlessly shift from one location to another, enjoying a consistent user experience that is appropriately protected with contextual security. Fortinet is the only vendor capable of delivering this unified approach, enabling proactive, integrated, and context-aware security that automatically adapts to where users are, what device they are using, and what resources they are accessing.

Using a broad portfolio of zero trust, endpoint, and network security solutions within the Fortinet Security Fabric, Fortinet can deliver security, services, and threat intelligence that can automatically follow users across distributed networks. The Security Fabric can also adjust enforcement to the perceived risk of every interaction—whether on the road, at home, or in the office to enable consistent enterprise-grade protection and enhance productivity end-to-end.

Learn moreabout how Fortinet ZTNA improves secure access to applications anywhere, for remote users.