Split Tunneling for a Corporate SSID
Juniper Mist Edge provides split-tunnel capability. This capability enables corporate clients to connect to local home devices (such as printers and media systems) while connected to the corporate network. You can enable this feature under the Mist Tunnel settings.
Split-tunnel capability is applicable for a single remote AP at a site.
After you enable split tunneling, traffic to the IP addresses listed in the Destination Subnet field is tunneled back to the Juniper Mist Edge. All other IP addresses are locally bridged. Additionally, the DNS Servers field, when configured, provides a way to use corporate DNS servers to resolve URLs/FQDNs for both tunneled and locally bridged traffic.
When you enable split tunneling, the AP serves clients IP addresses from a private 192.168.157.X/27 subnet that it runs for them. Traffic destined for the corporate office, as defined in Destination Subnet, is translated to the corporate IP. The corporate IP is the IP address that the AP receives from the VLAN of the corporate WLAN. The rest of the wireless client traffic is translated to the AP’s management VLAN IP address.
Configure the Tunnel Gateway setting with the client subnet gateway. This is the gateway for the VLAN mapped to the WLAN. Note that you can configure multiple destination subnets. You can also add IP addresses, separating them with commas.
Make corporate DNS servers part of the Destination Subnet, or add the servers as a /32 entry.
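The following check is an added example, not Juniper code. It models the rule described above (destinations inside Destination Subnet are tunneled, everything else is locally bridged) and reports any DNS server that no destination entry covers. The field values are constructed samples, and the comma-separated DNS Servers format and the treatment of a bare IP address as a /32 entry are assumptions.

```python
import ipaddress

def parse_destination_subnets(field):
    """Parse a comma-separated Destination Subnet value into networks.
    Assumption: a bare IP address is treated as a /32 host entry."""
    nets = []
    for item in field.split(","):
        item = item.strip()
        if item:
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets

def path_for(dst_ip, nets):
    """Return 'tunneled' if dst_ip falls in a destination subnet, else 'local'."""
    addr = ipaddress.ip_address(dst_ip)
    return "tunneled" if any(addr in n for n in nets) else "local"

def uncovered_dns(dns_field, nets):
    """Return the DNS servers that no destination subnet covers, i.e. the
    ones the rule above would treat as locally bridged destinations."""
    servers = [s.strip() for s in dns_field.split(",") if s.strip()]
    return [s for s in servers if path_for(s, nets) == "local"]

# Constructed sample values, not taken from any real deployment.
DESTINATION_SUBNET = "10.10.0.0/16, 172.16.5.0/24, 10.200.1.53/32"
DNS_SERVERS = "10.200.1.53, 10.201.1.53"

if __name__ == "__main__":
    nets = parse_destination_subnets(DESTINATION_SUBNET)
    # One corporate host, one home printer, one Internet address.
    for dst in ("10.10.4.20", "192.168.1.50", "8.8.8.8"):
        print(f"{dst:15} -> {path_for(dst, nets)}")
    for server in uncovered_dns(DNS_SERVERS, nets):
        print(f"DNS server {server} is not covered by Destination Subnet; "
              f"add it as {server}/32")
```

Running the check before saving the tunnel settings catches a corporate DNS server that is neither inside a listed subnet nor present as its own /32 entry.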