Jump to content
Welcome to our new Citrix community!

Specific Internet IP addresses through the SNIP with Split Tunnel ON

Marcel Zunnebeld

Recommended Posts

We would like to run traffic to Exchange Online via the SNIP address of the NetScaler, in order to be able to block all traffic that does not go via the SNIP via Condition Access in Azure.
(we want to allow only Secure Mail to connect to Exchange Online, and block the Outlook app and Native Mail app without using the XenMobile Mail Manager but by using Conditional Access in Azure)
We have Split Tunnel ON on the Gateway and would prefer to leave it that way.
We have entered all IP addresses for Exchange Online as Intranet Application IP addresses (en bind these to the Gateway Virtual Server), but the traffic is not yet going through the SNIP. Do you need more configuration for this? Or are we doing something wrong?
I hope someone in this forum knows a solution for this use case.
Thanks in advance!
Kind regards,

Link to comment
Share on other sites

Hi Marcel,


Can you try to set the "Split Tunnel" feature to OFF and check what happens with the communication?

Your mission sounds really difficult because MS Exchange Online includes so many network addresses and grows every day. 

I would prefer to set "Split Tunnel" to OFF and send all request through the SNIP. You can additionally define traffic actions for the web proxy configuration.




Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...