I'm trying to understand how the IVE system works.
I've installed it on VMware and am testing it in a lab.
I've set up a firewall with 2 PCs behind it in the LAN (192.168.150.0/24), and a Windows server for LDAP and the IVE in the DMZ (192.168.200.0/24).
In 'Resource Policies', I configured 'Split Tunneling'.
I kept the access control default of *:*, which applies to all roles. I configured a connection profile with subnet (192.168.170.1-192.168.170.254) and a split-tunneling network with the LAN subnet (192.168.150.0/24). split-tunneling is
I configured a role with only the split-tunneling checkbox marked and configured to enable.
To my surprise, after connecting, I was able to ping and connect with RDP to both computers. So obviously I was wrong thinking the split-tunneling feature is just for routing.
From what I've seen, it means I can control the entire connection by allowing specific addresses and ports to a role. So if I control it globally from there, why would I need/want to control it by configuring terminal services, file sharing etc.?
Do you recommend configuring split-tunneling on each role instead of in a resource policy, and applying resources such as terminal server to a specific role?
It depends what you want to achieve really. The whole point of split tunneling is typically to route specific traffic over the SSL VPN.
A lot of customers I work with usually use split tunneling for internet traffic, so any traffic that goes to the internet goes directly out their connection and not through the VPN.
Say for example you have two roles: employees and third party. You want all internet and internal traffic to go over the VPN for employees, and for third party you want internet traffic to go out directly but all internal traffic via the VPN so they can access corporate resources. This can be accomplished by creating two resource policies with the relevant split tunnelling configuration and assigning them to the employees and third party roles.
Hope this helps.
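
An added example, not part of the original posts and not Juniper code: a simplified model of the two decisions discussed in this thread. It assumes the split-tunnel network list only selects which destinations enter the tunnel, while the access-control list (the default `*:*` in the question) decides what is permitted once inside. The role names, the RDP-only rule and the host addresses are hypothetical.

```python
import ipaddress

# Simplified model (assumption, not IVE code): a packet is first routed by the
# split-tunnel network list, then filtered by the access-control resource list.
LAN = "192.168.150.0/24"  # split-tunnel network from the question

ROLES = {
    # Role names follow the answer's example; settings are constructed.
    "employees": {"split_tunnel": False, "tunnel_nets": [], "acl": ["*:*"]},
    "third_party": {"split_tunnel": True, "tunnel_nets": [LAN], "acl": ["*:*"]},
    # Same routing, but the default *:* is replaced by one RDP rule.
    "third_party_rdp_only": {"split_tunnel": True, "tunnel_nets": [LAN],
                             "acl": ["192.168.150.10/32:3389"]},
}

def via_tunnel(role, dst):
    """Routing step: does traffic to dst enter the VPN tunnel?"""
    cfg = ROLES[role]
    if not cfg["split_tunnel"]:
        return True  # split tunneling disabled: everything uses the VPN
    ip = ipaddress.ip_address(dst)
    return any(ip in ipaddress.ip_network(n) for n in cfg["tunnel_nets"])

def acl_allows(role, dst, port):
    """Access-control step: is dst:port matched by an allowed resource?"""
    ip = ipaddress.ip_address(dst)
    for rule in ROLES[role]["acl"]:
        net, _, p = rule.rpartition(":")
        net_ok = net == "*" or ip in ipaddress.ip_network(net)
        port_ok = p == "*" or int(p) == port
        if net_ok and port_ok:
            return True
    return False

def decide(role, dst, port):
    """Return 'direct', 'vpn-allow' or 'vpn-deny' for one connection."""
    if not via_tunnel(role, dst):
        return "direct"  # leaves by the client's own internet connection
    return "vpn-allow" if acl_allows(role, dst, port) else "vpn-deny"

if __name__ == "__main__":
    for role in ROLES:
        for dst, port in [("192.168.150.10", 3389), ("192.168.150.11", 445),
                          ("203.0.113.5", 443)]:
            print(f"{role:22} {dst}:{port:<5} -> {decide(role, dst, port)}")
```

In this model the ping and RDP access seen in the lab come from the `*:*` access-control entry, not from the split-tunnel network itself; narrowing that entry is what restricts a role.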