https://community.checkpoint.com/t5/SASE-and-Remote-Access/selective-split-tunneling-based-on-destination/m-p/80641#M10824 <P>R80.30</P><P>Split Tunneling is currently disabled.</P><P>Is there a way to enable it only for certain destinations? Like when going to youtube or if using Teams?</P><P>&nbsp;</P><P>thanks</P><P>&nbsp;</P> Thu, 02 Apr 2020 17:37:11 GMT flachance 2020-04-02T17:37:11Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/selective-split-tunneling-based-on-destination/m-p/80641#M10824 <P>R80.30</P><P>Split Tunneling is currently disabled.</P><P>Is there a way to enable it only for certain destinations? Like when going to youtube or if using Teams?</P><P>&nbsp;</P><P>thanks</P><P>&nbsp;</P> Thu, 02 Apr 2020 17:37:11 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/selective-split-tunneling-based-on-destination/m-p/80641#M10824 flachance 2020-04-02T17:37:11Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/selective-split-tunneling-based-on-destination/m-p/80694#M10825 By definition Split Tunneling means "route some traffic across VPN and route everything else to the Internet directly."<BR />Route All Traffic means exactly that with the local subnet as a possible exception to this rule.<BR />What you probably want is a Remote Access domain that contains everything BUT specific web-based applications.<BR />Currently, we don't offer an easy way to create that.<BR /><BR />Personally, I'm not a fan of the "Route All Traffic" approach as it doesn't really scale.<BR />You can get visibility and protection for the Endpoint by deploying the appropriate controls.<BR />Better yet: They don't require you to be connected via VPN for them to apply. Fri, 03 Apr 2020 00:57:33 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/selective-split-tunneling-based-on-destination/m-p/80694#M10825 PhoneBoy 2020-04-03T00:57:33Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/selective-split-tunneling-based-on-destination/m-p/87559#M10826 Hi<BR />This was discussed in <A href="https://community.checkpoint.com/message/20006-re-exclude-subnet" target="_blank">https://community.checkpoint.com/message/20006-re-exclude-subnet</A> Mon, 08 Jun 2020 05:12:34 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/selective-split-tunneling-based-on-destination/m-p/87559#M10826 remi0403 2020-06-08T05:12:34Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/selective-split-tunneling-based-on-destination/m-p/116117#M10827 <P>That discussion was for a reverse of this question.</P><P>I have a similar issue as this.&nbsp; However, mine is more simpler, we don't need for&nbsp;<SPAN>specific web-based applications, just specific IP addresses.</SPAN></P><P>&nbsp;</P> Thu, 15 Apr 2021 12:34:54 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/selective-split-tunneling-based-on-destination/m-p/116117#M10827 PointOfChecking 2021-04-15T12:34:54Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/selective-split-tunneling-based-on-destination/m-p/116131#M10828 <P>The encryption domain is IP addresses in the end.<BR />Basically you’d be creating an encryption domain for everything except for the IPs in question.<BR />Similar to this (except you’d define the specific IPs to exclude):&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk167000&amp;partition=Basic&amp;product=IPSec" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk167000&amp;partition=Basic&amp;product=IPSec</A></P> Thu, 15 Apr 2021 16:06:50 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/selective-split-tunneling-based-on-destination/m-p/116131#M10828 PhoneBoy 2021-04-15T16:06:50Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/selective-split-tunneling-based-on-destination/m-p/116132#M10829 <P>Thanks for the pointers!&nbsp; Got it.</P> Thu, 15 Apr 2021 16:11:04 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/selective-split-tunneling-based-on-destination/m-p/116132#M10829 PointOfChecking 2021-04-15T16:11:04Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/selective-split-tunneling-based-on-destination/m-p/214198#M10830 <P>Hi,<BR /><BR /></P><P>Unfortunately, the sk167000 described here does not work for Quantum Sparc Gateways. No matter what I configure, an exception group does not work and is ignored. I have not found any limitations. Do you know of any or is there a trick to circumvent this limitation?</P><P>Management Version R81.20 JHF Take53<BR />Gateway: 1595W5G R81.10.10 Build 2906<BR /><BR />Thank you.</P> Tue, 14 May 2024 16:01:01 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/selective-split-tunneling-based-on-destination/m-p/214198#M10830 Rene_Moeller1 2024-05-14T16:01:01Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/selective-split-tunneling-based-on-destination/m-p/214209#M10831 <P>Likely will need a TAC case to confirm this is a bug or an RFE that should be addressed via your local Check Point office:&nbsp;<A href="https://help.checkpoint.com" target="_blank">https://help.checkpoint.com</A>&nbsp;</P> Tue, 14 May 2024 17:04:34 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/selective-split-tunneling-based-on-destination/m-p/214209#M10831 PhoneBoy 2024-05-14T17:04:34Z