Can we configure the Zscaler client connector both Full and Split tunneling VPN profiles?

We are using Pulse secure VPN client with Full tunneling profile.
And we are planning to install Zscaler client connector.
During migration transition, we created both split tunneling and full tunneling profiles on the Pulse secure VPN client for evaluation pilot users.
However following URL, “Your VPN can run in full-tunnel mode or split-tunnel mode,
but each mode requires different Zscaler Client Connector configurations”
So can’t we configure both split tunneling and full tunneling profiles on the Pulse secure VPN client for evaluation pilot users ? Because the Trusted VPN network , you can’t configure split and full type of connections.
https://help.zscaler.com/z-app/best-practices-zscaler-app-and-vpn-client-interoperability?_ga=2.30901754.474226014.1615787824-511688009.1615205400&_gac=1.3933828.1615964254.EAIaIQobChMI_afV9t-27wIVIQZ7Ch360QggEAAYASAAEgJKffD_BwE

Additional information, above question,
What we need to do following:
VPN Spilt tunneling > Tunnel forward to Zscaler public service edge (Overrides browser proxy PAC)
VPN Full tunneling > None (use browser proxy PAC)

Isao,

I’m not sure I am following. You have two types of users? Type one needs full tunnel when on VPN and Type two needs split tunnel?

The app profile and forwarding profile are used to define how ZCC works when attached to the VPN. You can have multiple app profiles and assign those to different users.

Is this for ZIA only?

Regards,

-Todd Harcourt-

Hi Todd,

Thank you for your post.
The user has two VPN client profiles. Full tunneling and Spilt tunneling.
I read again the URL , and Full tunneling will be detected as VPN trusted network, and Split tunneling will be detected as off trust network on the Zscaler client connector . So that the user can connect without problem both VPN modes, if my understand is correct.

Isao,

Yes it will work in either mode depending on the routes the VPN profile will send to the endpoint. As stated in the documentation the forwarding setup for each type will be different.

Regards,

-Todd Harcourt-

From our experience using Pulse + ZCC, we’ve found that Windows users can operate full tunnel mode in v2.0 DTLS, however Mac users require being mapped to a split tunneling policy. Full tunnel will cause the Mac Pulse client to keep reconnecting. As a result, Mac users appear Off Trusted Network.