Dear Checkmates. This is my first post and I am new to Checkpoint products so please accept my apologies if information is missing or incomplete. I would welcome advice on what details to provide in future. My organisation's public Internet perimeter is protected by a pair of CPAP-SG5900-NGTX appliances running Gaia R80.20 in a cluster XL configuration. These appliances have the Mobile Access blade licensed (amongst other blades). We have remote clients connecting to the 5900 appliances via the Checkpoint Endpoint Security VPN software (E80.87 Build 986009514). I have had a request to route a particular public IP address over the VPN tunnel instead of natively routing via the Public Internet. I can see that many extra IP routes are added to the client's routing table when the VPN software is connected. When the VPN is disconnected, these additional IP routes are no longer present. The new destination IP address does not appear in the list of additional routes. I assume that these additional routes are downloaded from the appliance? My question is how and where are these additional routes configured? The R80.20 administration guide suggest using the Check Point Database Tool (GuiDBedit) via sk13009 but I am unable to load this application when I point it at either of the appliances or the mgmt. appliance. I receive a pop up telling me that the 'Connection cannot be initiated'. A Google search of this suggests that there may be a firewall rule blocking access. I have no explored this further in case there is another solution. Again, apologies if my explanation is missing any important information. Please let me know what information will assist further. Many thanks, Andy