We are using Split tunneling and want to force vpn client to download data from Microsoft
Question
Hi Team,
We are using split tunneling and already whitelist Microsoft update IP address/website in ASA-firewall.
Our client still downloading from on-perm Distribution point not from the Microsoft.
NOTE: This software Update group already downloaded and distribute to DP but now i want our VPN client will not download data from DP but from Microsoft.
Answers ( 4 )
I guess what is happening – since the SUG package content already replicated to DP and VPN boundaries are configured, as expected the VPN machines are contacting DP for content.
May be you can remove the content from DP and initiate deployment with the setting checked to go to MS if content not available in DP
Hello – Do you already have a boundary group defined for vpn clients?
The DP in the screenshot is part of that boundary group assignment.
Can you test this whether the whitelisting or spilt tunnelling is working by remove that content from the DP?
Also, can you try to create a software update deployment without any software update package ?
I have explained in the following post https://howtomanagedevices.com/sccm/1603/sccm-config-to-help-to-reduce-vpn/
Does that helpful
Thanks for guidance.
Now, i am in situation where i need to remove this April 2020 software updates from existing package Year-2020.
is there a way we can remove content from Package without removing entire package from DP.
Can you spilt the boundary group for test devices and don’t add DP into the boundary group setting … does that work ? I never tested this but its bit daisy
Other option is remove that deployment from that collection and initiate another deployment with no package ? What you think ?