RemoteUser
Advisor

Split Tunnel vs Full Tunnel

Hi mates,

I’d like to understand how to verify whether my Check Point client VPN is configured as full tunnel or split tunnel.
Additionally, could you please explain the main differences between these two configurations?

Thanks in advance.

7 Replies
Chris_Atkinson
MVP Platinum CHKP

You can review the split tunnel configurations as outlined in the Remote Access admin guide and compare to your setup e.g.

https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_RemoteAccessVPN_AdminGuide/Content... (other relevant topics include hub mode)

Full tunnel essentially forces all traffic back to the gateway and out to the Destination / Internet.

This may improve security at the expense of performance/latency depending on the presence of other mitigating controls of course.

 

CCSM R77/R80/ELITE
0 Kudos
RemoteUser
Advisor

Hi @Chris_Atkinson 
thank you very much.

Could you please let me know how I can verify whether my firewall is configured for full tunnel or split tunnel?
Where exactly should I check this setting?

 

0 Kudos
the_rock
MVP Platinum

Hey brother,

Here it is. Personally, I would always go with split tunnel rather than full, but some companies may have different requirements. Here is why I say that. So, with full tunnel, as I'm sure you know, all users' traffic will go through the firewall, so though it's all visible to fw admins, it puts additional load on it. With split tunnel, if users choose to visit bad websites, well, we are adults, it's their choice, but then at least it would go through their ISP link.

 

Hope that makes sense.

Screenshot_2.png

Screenshot_1.png

  

Best,
Andy
0 Kudos
RemoteUser
Advisor

Thanks Andy, that makes perfect sense. However, I checked now and see that in the global properties it is set to no, but in remote access for VPN clients it is selected, so it is enabled in "allow".
Does that mean I'm in split or full mode? Sorry, I'm a little confused... thanks, bro.

the_rock
MVP Platinum

If it's disabled in global properties, then it's split mode.

Best,
Andy
RemoteUser
Advisor

Thanks as usual, buddy.

0 Kudos
the_rock
MVP Platinum

Any time buddy.

Best,
Andy
0 Kudos
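
A client-side cross-check for the question in this thread, as an added example that is not part of the original posts and not Check Point tooling: it reads the IPv4 rows of Windows `route print` output and reports whether the routes bound to the VPN adapter cover all of IPv4 (full tunnel) or only selected prefixes (split tunnel). It goes beyond the Check Point case to any client that installs its routes on a virtual adapter, including the variant that uses two /1 routes instead of a default route. The sample table, `VPN_IP` and the function names are constructed for illustration.

```python
import ipaddress

VPN_IP = "172.16.10.5"  # constructed: address assigned to the VPN virtual adapter
# Constructed `route print` IPv4 rows for a split-tunnel client.
SPLIT_SAMPLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.20     25
         10.0.0.0        255.0.0.0          On-link     172.16.10.5      1
      172.16.10.5  255.255.255.255          On-link     172.16.10.5    257
      192.168.1.0    255.255.255.0          On-link    192.168.1.20    281
"""

def parse_route_print(text):
    """Return the IPv4 route rows of `route print` output as dicts."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5:
            continue  # header (6 words) or unrelated line
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
            metric = int(f[4])
        except ValueError:
            continue
        routes.append({"net": net, "iface": f[3], "metric": metric})
    return routes

def tunnel_mode(routes, vpn_ip):
    """Classify as 'full', 'split' or 'no-tunnel'; also return tunnel prefixes."""
    tun = [r for r in routes if r["iface"] == vpn_ip]
    if not tun:
        return "no-tunnel", []
    defaults = [r for r in routes if r["net"].prefixlen == 0]
    best = min(defaults, key=lambda r: r["metric"], default=None)
    # A tunnel default route only counts when it is the preferred default.
    nets = [r["net"] for r in tun if r["net"].prefixlen > 0 or r is best]
    covered = list(ipaddress.collapse_addresses(nets))
    # Full tunnel: tunnel routes cover all of IPv4, as one /0 or as two /1s.
    full = covered == [ipaddress.ip_network("0.0.0.0/0")]
    return ("full" if full else "split"), covered

if __name__ == "__main__":
    mode, prefixes = tunnel_mode(parse_route_print(SPLIT_SAMPLE), VPN_IP)
    print(mode, [str(p) for p in prefixes])
```

The result reflects only what the client's routing table shows while connected; the gateway-side setting discussed in the thread remains the authoritative source.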
