We're using VPN Mobile Clients. We have not set them to full-tunneling, so we use split DNS. In other words, the regular internet traffic (Facebook, Netflix, etc.) does not enter the tunnel. Only traffic to our on-premise resources (domain, fileservers, etc.) enters the tunnel. So far so good. We've been doing this for 20 years.
But, enter 2020, we now use cloud resources at Azure/AWS. To secure these services we have set up whitelist filters so only our office IP addresses are allowed to manage the cloud. So users at the office can access Azure/AWS and do their cloud dance.
But users on VPN Mobile cannot access the same Cloud resources, since that traffic is classified as public Internet, and does not enter the tunnel. This is a problem.
I don't want to set the Mobile clients to full-tunneling and ditch split DNS, because then I'll get hit with Netflix, Facebook and other private crap I don't want to know about.
So what are my options? Is there any way to tell the VPN Mobile client to route certain traffic over the VPN, even though the IP addresses of that traffic are public and not part of my on-premise encryption domain?
I cannot believe I'm the only one with this predicament.
Any thoughts?