This is an interesting requirement.
when you enable split tunnleing, users have access to their own local network and that traffic is outside the runnel
They can either be given access through terminal services bookmark on SA to a server and allowed to map ther local printers
Or on their network, they can configure a rule on the firewall that states any packet coming from source IP as pulse adapter IP be allowed to access only the printer IP
I meant when you log into the admin UI, you can go to resource profiles-->select terminal services and then create RDP access to one of your internal servers
so once the terminal service bookmark is created, when you click on the bookmark, we can enable the option Connect local printers
The user experience will be users logs in SSL VPN, NC launches and they land on the homepage, they can click on the rdp bookmark and they will log into the terminal server and see their local printers mapped
I do not think we can do that as their local traffic is not sent through the tunnel.They will have to configure a rule on their local firewall to limit access only to their local network printer if the source IP is the Pulse IP Pool range.
Is the printer always on the same address? Let's say that the local subnet is 192.168.1.0/24 and the printer is always on 192.168.1.100. I believe you could define an inverse split-tunneling policy to say that everything except 192.168.1.100 is on the other side of the tunnel. This would - I believe - accomplish your goal by creating a 192.168.1.100/32 route pointing to the physical interface instead of the VPN virtual interface.
I have not implemented inverse split tunneling, so I can't confirm that this would work.
If the printer resides on different addresses at different sites, I don't know of any way to achieve the functionality you wish.
You can use exclude option, In SA admin UI
1. User > Resource policies > VPN tunneling > Split tunneling networks
2. Create a New policy
3. In the Resources tab, enter the print ip address 10.175.0.100/255.255.255.255
4. Choose the roles accordingly
5. In Action tab select "Exclude access"
6. save the rule
7. Go to Role > VPN tunneling option > Enabled "Split tunnel"
Now, the traffic towards the printer ip should be going directly (out of tunnel), rest all the traffic should come via tunnel; I hope this is what you're looking for...! test this config..!