This site requires JavaScript to be enabled
An updated version of this article is available

bSecure Remote Access Gateways List for GlobalProtect: What are they used for?


8.0 - Updated on 2020-04-21 by Sean Schluntz

7.0 - Updated on 2019-07-22 by Sean Schluntz

6.0 - Updated on 2019-05-22 by Sean Schluntz

5.0 - Updated on 2019-05-22 by Sean Schluntz

4.0 - Updated on 2019-05-22 by Sean Schluntz

3.0 - Updated on 2019-04-29 by Sean Schluntz

2.0 - Updated on 2018-11-08 by Sean Schluntz

1.0 - Authored on 2018-11-08 by Sahil Sanghvi

What are the different gateways used for?
Split tunnel is the default gateway and will be used unless the user specifically chooses a different option in the Gateway menu. It directs any traffic meant for systems and services on campus through GlobalProtect to the destination using a campus private IP address. However, traffic meant for sites off-campus, such as Google, will not use GlobalProtect and will work the same as if the remote access service was not active. Some campus services are hosted off-site, if you find you are unable to access something using Split Tunnel try the Library Tunnel option before opening a support ticket.
The Library option (listed as “Library Access and Full Tunnel”) directs all traffic, regardless of the destination, through the GlobalProtect client and is routed through the campus network to its destination. All traffic has an IP address associated with the campus no matter where it is going effectively making your device act as though it is directly connected at the UC Berkeley campus. The most common use case for this option is when you are trying to access a resource that is licensed for the campus, such as journals licensed through the library for campus users.
The Restricted Tunnel directs all traffic, regardless of the destination, through the GlobalProtect client in the same way as with the library tunnel option.  The restricted tunnel performs additional actions to ensure data protection and is a future service that will be limited to people and systems needing access to sensitive data. It will have increased monitoring, and will utilize many of the advanced security features of the Palo Alto firewalls. Please open a ticket with Information Security and Policy if you believe your department has need of the restricted tunnel.