We have a few users who use their MacBooks remotely and VPN to other devices. Our current VPN profile does not allow split tunneling, but some users need to be able to VNC to the MacBook from their workstation on the LAN. Up to Yosemite you could simply run ./ipfw firewall disable after AnyConnect connected and it would allow local LAN traffic. After a user upgraded to Sierra this no longer works, since ./ipfw was fully deprecated and no longer works in Sierra.
Does anyone know how AnyConnect now modifies the device's firewall and route tables and how to temporarily disable those?