Hi Tommy,
I didn't get anything that helped my situation. Most orgs use VPN just for local traffic and usually continue to send all internet traffic over the user's local internet connection; split tunnelling hasn't been required.
In our case, where we are routing all traffic over the VPN (except for our Office365 tenant), it would be impossible to only split Genesys Cloud traffic due to the shared (and changing) AWS IP ranges as well as the shared FQDNs (e.g. cloudfront.net, bam.nr-data.net, js-agent.newrelic.com, etc.).
We could try just splitting *some* of the Genesys Cloud traffic that we 100% know is Genesys Cloud, including the CIDR IP range and the relevant FQDNs (e.g. mypurecloud.com.au, apse2.pure.cloud, etc.), to get some of the traffic off the VPN - but I'm sure Genesys Cloud won't like the different endpoint IPs and will probably break something.
Cheers,
Jeff.
Original Message:
Sent: 01-11-2022 04:02
From: Tommy Braes
Subject: VPN split tunneling - Genesys Cloud best practice?
Jeffrey,
Did you ever get feedback on this via other channels (support, ...)?
I'd be interested in this info as well.
rgds,
Tommy
------------------------------
Tommy Braes
CX Consultant
Proximus PLC
tommy.braes.ext@proximus.com
Original Message:
Sent: 08-09-2021 21:24
From: Jeffrey Hoogkamer
Subject: VPN split tunneling - Genesys Cloud best practice?
Just bumping this thread.
Maybe @Chris Bohlin has some input :D
------------------------------
Jeff
Original Message:
Sent: 06-17-2021 02:56
From: Jeff Hoogkamer
Subject: VPN split tunneling - Genesys Cloud best practice?
Hi All,
As part of the working-from-home optimization our organisation did back in 2020, one of the activities was to implement VPN split tunnelling for Office365 (including Teams and Skype for Business) so traffic for 'as a Service' cloud applications didn't have to use our VPN resources and could go direct on the user's local internet connection.
We're new to Genesys Cloud (using BYOC Cloud) after moving from PureConnect, and are looking at whether there are any best practices for Genesys Cloud WFH optimization as well. I had a look around the Resource Center and forums, and the only thing I really found was a forum post about checking connectivity.
Based on the guides I've seen from Microsoft and translating them over to Genesys Cloud, the main item they refer to is to identify the endpoints to optimize, including URLs and IP address ranges.
Optimize URLs
As for the URLs, those should be relatively easy to identify specifically for Genesys Cloud based on the Domains for the firewall allowlist.
Optimize IP Address Ranges
For the Genesys Cloud Media services (including WebRTC stations), this is now easy due to the CIDR IP address range (52.129.96.0/20).
However, for the remainder of the Genesys Cloud application on AWS (including CloudFront, S3 and others), this is where it gets a little more tricky to only allow traffic specifically for Genesys Cloud and not everything on Amazon AWS.
Also, some VPN vendors (such as CheckPoint) recommend only using IP address based VPN split tunnelling rather than using FQDNs - which also becomes an issue with Genesys Cloud using all of Amazon AWS IP ranges in the region.
So my questions from here are:
1. Should we be optimizing Genesys Cloud at all using VPN split tunnelling?
2. If we should - would optimizing the URLs and only the Genesys Cloud Media Services IP Address range be sufficient?
3. Do we need to optimize the rest of Amazon AWS IP addresses as well?
Thanks in advance.
#ArchitectureandDesign
#Implementation
#PlatformAdministration
#SystemAdministration
------------------------------
Jeff
------------------------------
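
The partial split discussed in this thread, as an added example that is not part of the original posts: it classifies destinations under an IP-only policy versus one that also honours FQDN rules, using the media CIDR and domain names quoted above. The function names, the `fqdn_rules` flag and the sample flows (hosts and addresses) are constructed for illustration and are not Genesys guidance.

```python
import ipaddress

# Values quoted in the thread.
MEDIA_CIDR = ipaddress.ip_network("52.129.96.0/20")
DEDICATED_SUFFIXES = ("mypurecloud.com.au", "apse2.pure.cloud")
SHARED_SUFFIXES = ("cloudfront.net", "nr-data.net", "newrelic.com")

# Constructed sample flows: (hostname, resolved IP). Not real captures.
SAMPLE_FLOWS = [
    ("media.example.invalid", "52.129.96.10"),
    ("apps.mypurecloud.com.au", "203.0.113.5"),
    ("api.apse2.pure.cloud", "203.0.113.6"),
    ("d111111abcdef8.cloudfront.net", "198.51.100.7"),
    ("bam.nr-data.net", "198.51.100.8"),
    ("js-agent.newrelic.com", "198.51.100.9"),
    ("notmypurecloud.com.au", "192.0.2.10"),  # look-alike, must not match
]


def _matches(host, suffixes):
    """True when host equals a suffix or is a subdomain of it (label-aligned)."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def classify(host, ip, fqdn_rules=False):
    """Return (route, reason) for one destination.

    fqdn_rules=False models a VPN client that only supports IP-based excludes.
    """
    if ipaddress.ip_address(ip) in MEDIA_CIDR:
        return "direct", "media-cidr"
    if _matches(host, SHARED_SUFFIXES):
        # Shared with other AWS tenants: excluding it would bypass the VPN
        # for unrelated sites too, so it stays tunnelled.
        return "vpn", "shared-fqdn"
    if _matches(host, DEDICATED_SUFFIXES):
        if fqdn_rules:
            return "direct", "dedicated-fqdn"
        return "vpn", "dedicated-fqdn-needs-fqdn-rule"
    return "vpn", "default"


def direct_hosts(flows, fqdn_rules=False):
    """Hosts that would leave the tunnel under the chosen policy."""
    return [h for h, ip in flows if classify(h, ip, fqdn_rules)[0] == "direct"]


if __name__ == "__main__":
    for mode in (False, True):
        print("fqdn_rules =", mode, "->", direct_hosts(SAMPLE_FLOWS, mode))
```

With IP-only rules only the media range is offloaded; the application traffic stays on the VPN either way for the shared domains, which is the split the thread expects to end up with.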