Policy Management allows administrators to set up a rule that detects when a client device is on a particular LAN and automatically puts the client into passthrough mode. This gives the client unrestricted access to all local network resources, with no traffic going through the Mobility VPN tunnel. It's equivalent to manually clicking Disconnect on a client.
Step by Step
For example, if your LAN subnet is 192.168.1.0/24, create the following rule, add it to a rule set, and then subscribe your clients to it:
Apply this rule
- when the local address is equal to address(es)
on the interface
Passthrough mode is enabled (v9.0)
continue to the next rule
This keeps the Mobility client in passthrough mode as long as the active adapter resides on the 192.168.1.0/24 subnet. If the client roams to another point-of-presence subnet, the rule deactivates and traffic once again goes through the VPN tunnel.
If triggering the rule based on an internal subnet does not work on your network, you can also use the following triggers:
- Trigger the rule when the DNS suffix on the interface matches the DNS suffix handed out by the local DHCP server.
- Trigger the rule when the client connects to the internal IP address of your Mobility server.