Decide whether to enable split tunnel and what the risks are.
Full tunnel sends all traffic over the VPN, including Netflix. Split tunnel sends only corporate subnets through the tunnel. Split is faster and saves concentrator bandwidth, but your security controls (DNS filter, content filter) lose sight of the rest.
Try this first
- 1Inventory which security controls sit on the tunnel exit: web filter, DLP, IPS. If they exist, keep full tunnel or buy a separate SWG.
- 2For split tunnel, enforce secure DNS on the client (Cloudflare Gateway, NextDNS, Umbrella), otherwise you lose visibility on malware domain lookups.
- 3Exclude Teams and Microsoft 365 from the tunnel explicitly, that is Microsoft's own guidance (Teams media direct to internet performs better).
- 4Document which subnets go over the tunnel, otherwise no one will remember in a year.
When to bring us in
You have an audit requirement that all traffic be inspected: pick a SASE or SSE solution (Cloudflare, Zscaler, Netskope) so you can split-tunnel with cloud inspection.
See also
- VPN will not connect or keeps droppingTwo main causes: your home internet or the VPN server. One quick test separates them.
- VPN connects but corporate folders are unreachableConnection says "green" but your network drives will not open. Almost always a DNS or routing issue.
- Home PC slow on VPN, fast at the officeThree suspects: home internet, VPN server limits, or routing that takes a long detour.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.