IPSec Client VPN Tunnel-All Exclusion for Microsoft365/Teams
Hello, my client is facing an issue when trying to initiate a call or meeting in Microsoft Teams while connected to IPSec VPN using Global VPN client in Tunnel-All mode. Microsoft has acknowledged that this is a known issue, and recommends routing Teams traffic outside of the VPN tunnel and over the internet. My client requires Tunnel-All mode for compliance reasons, but confirmed Teams/365 traffic outside of the tunnel is OK.
Is there a way to route certain destination IPv4 and IPv6 addresses (365/Teams IPs) outside of the VPN tunnel while keeping the Tunnel-All setting enabled? Any other suggestions or options I should be looking at? Client has a TZ570.
Answers
AFAIK there is no way to exempt traffic from a tunnel-all configuration with SonicWall UTMs (I do not know if it is possible with SMAs or Capture Clients). Microsoft documentation literally states you have to implement some sort of split tunnel.
I suppose you could try to implement some sort of client-side OS route adjustments based on their article via a script doing 'route add ...' commands and run it upon successful connection... (a sort of poor man's split-tunnel).
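
A sketch of the post-connect route script suggested in the answer above, added here as an illustration and not posted by anyone in the thread. The adapter pattern and the prefixes are assumptions: the prefixes are documentation-range placeholders to be replaced with the ranges from Microsoft's article, and whether Global VPN Client leaves more specific routes in place under Tunnel-All is not confirmed in the thread.

```powershell
#Requires -RunAsAdministrator
# Added example: run after the VPN tunnel is up (elevated prompt).
param(
    # Assumption: wildcard matching the VPN virtual adapter's description.
    # Confirm the real value with: Get-NetAdapter | Select-Object Name, InterfaceDescription
    [string]$VpnAdapterPattern = '*SonicWall*',

    # Constructed placeholders (RFC 5737 / RFC 3849 documentation ranges).
    # Replace with the Teams/365 ranges Microsoft publishes; keep the list
    # as short as possible, since everything listed here bypasses the tunnel.
    [string[]]$Prefixes = @('198.51.100.0/24', '2001:db8:100::/48')
)

# Interface indexes of the VPN adapter(s), so they are never picked as the local path.
$vpnIdx = @(Get-NetAdapter | Where-Object InterfaceDescription -like $VpnAdapterPattern).ifIndex

foreach ($prefix in $Prefixes) {
    $family  = if ($prefix -like '*:*') { 'IPv6' } else { 'IPv4' }
    $default = if ($family -eq 'IPv6') { '::/0' } else { '0.0.0.0/0' }

    # Local gateway = lowest-metric default route that is not on the VPN adapter
    # and has a real next hop (on-link defaults show 0.0.0.0 or ::).
    $gw = Get-NetRoute -DestinationPrefix $default -AddressFamily $family -ErrorAction SilentlyContinue |
        Where-Object { ($_.InterfaceIndex -notin $vpnIdx) -and ($_.NextHop -notin @('0.0.0.0', '::')) } |
        Sort-Object RouteMetric |
        Select-Object -First 1

    if (-not $gw) {
        Write-Warning "No local $family gateway found; $prefix stays inside the tunnel."
        continue
    }

    # Skip prefixes already routed on that interface so the script can be re-run.
    $existing = Get-NetRoute -DestinationPrefix $prefix -InterfaceIndex $gw.InterfaceIndex -ErrorAction SilentlyContinue
    if (-not $existing) {
        # ActiveStore = not persistent: the exclusion disappears at reboot
        # instead of outliving the VPN session indefinitely.
        New-NetRoute -DestinationPrefix $prefix -InterfaceIndex $gw.InterfaceIndex `
            -NextHop $gw.NextHop -RouteMetric 1 -PolicyStore ActiveStore | Out-Null
    }
}

# Show what now bypasses the tunnel, for the compliance record.
Get-NetRoute -PolicyStore ActiveStore |
    Where-Object DestinationPrefix -in $Prefixes |
    Format-Table DestinationPrefix, NextHop, InterfaceAlias, RouteMetric
```

The same prefixes can be removed on disconnect with `Remove-NetRoute -DestinationPrefix <prefix> -Confirm:$false`, so the exclusions exist only while the tunnel does.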