topic Re: Per-app VPN support in SASE and Remote Access

Per-app VPN support

TomShanti — Tue, 01 Oct 2019 12:49:37 GMT

Hi community,

other than using CapsuleVPN on top of Win10 is there currently any other option to get per-App VPN on a Windows 10 Client together with a CP GW ?

Thanks

Tom

Re: Per-app VPN support

FedericoMeiners — Tue, 01 Oct 2019 13:23:42 GMT

Tom,

I don't think that this could be achieved in an orthodox way, usually Per-App VPNs are based o App signatures and a MDM to make the tunneling decision and the automatic VPN.

Personally I request my customers to define what is Per-App VPN for them, there are many definitions and mis-definitions for it.

Having said that, a "similar" solution would be to create access rules for your remote access users based on identity where you allow them to only access certain applications. I know that it's not technical the same but maybe it works for you.

____

Re: Per-app VPN support

TomShanti — Tue, 08 Oct 2019 14:20:31 GMT

Hi and thanks for your reply.

Per-App VPN requirement mainly comes from having routing decisions based on Apps rather than destination networks.

Let´s say I open Outlook on a client with a Per-App VPN client. This client should now be able to route the Outlook traffic through the VPN tunnel but other traffic directly to the e.g. Internet access the client has.

Regards Tom

Re: Per-app VPN support

G_W_Albrecht — Tue, 08 Oct 2019 14:36:23 GMT

Looks quite easy: If the Outlook target server address the client connects to is inside the Encrypting Domain, traffic will be sent thru VPN, other traffic - not to any IP in Encrypting Domain - will go to Internet. As every App has a destination this is quite simple...