What are the different gateways or tunnels used for?
Split tunnel is the default and is generally used to allow users to access on-campus resources. When using the split tunnel option, any traffic meant for destinations on campus will go through the tunnel. However, traffic meant for other sites like Google will go from your existing IP address. Some campus services are hosted off-site, if you find you are unable to access something using Split Tunnel try the Full Tunnel option before opening a support ticket.
The Library option (listed as “Library Access and Full Tunnel”) directs all traffic, regardless of the destination, through the GlobalProtect client and is routed through the campus network and has an IP address associated with the campus. The most common use case for this option is when you are trying to access a resource that is licensed for the campus, such as journals licensed through the library for campus users.
The Restricted Tunnel directs all traffic, regardless of the destination, through the GlobalProtect client in the same way as with the full tunnel option. The restricted tunnel performs additional actions to ensure data protection and is a future service that will be limited to people and systems needing access to sensitive data. It will have increased monitoring, and will utilize many of the advanced security features of the Palo Alto firewalls.