We currently use Network Connect for our remote users, but do not provision split-tunneling. We are starting to get requests for users who are connected to their "home" network to be able to print to their local printer. Is there a way short of creating profiles for each home network range, allowing split tunneling for the printer-port, to handle this. Any options that you know of and care to share?
Thanks in advance,
Have you had a look at enabling local subnet access???Allow access to local subnetÑThe IVE preserves the route on the client,
retaining access to local resources such as printers. If needed, you can add
entries to the clientÕs route table during the Network Connect session. The
IVE does not terminate the session. This is the default option.
This would give you partial split tunneling, so they could only get to their local network and not to the internet.
More info on this can be found in the administration manual under the network connect section.
Hope this helps.
What about a compromise? Something like ... Have HC check for a software firewall on the target (protects from the kiddies // online or offline) and if so, map the user to a role that permits Split Tunneling to the local subnet so they can print (vs a fallback role that just gets the cruel punishment of zero split tunneling). Then when your users nag you for print capabilities you can tell em "sure thing - just enable that Windows firewall and you're all set". O'course, that's assuming all your folks are Windows types.