From my experience with CSD, it provides a sandbox environment on your PC, which takes care of some predefined elements and allows you to leave no trace whatsoever of activity performed while working within CSD.
While this allows you to connect to your internal networks while connected, it won't disallow connections from your local PC to the same networks, if this is what you want to do.
You could configure the Clientless SSL VPN Portal to allow users to trigger the allowed applications only from there, thus disallowing direct connectivity.