This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RemoteUser
Advisor
‎2026-01-13 04:10 AM

How to exclude a network or host form split tunnel

Hi Mates!!

Can anyone help me to understand, How I can exclude a network from Check Point split tunneling?

0 Kudos
10 Replies
the_rock
MVP Diamond
MVP Diamond
‎2026-01-13 04:56 AM

Hey bro,

See if below helps.

https://community.checkpoint.com/t5/Remote-Access-VPN/Domain-objects-in-remote-access-vpn-domain/m-p...

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
RemoteUser
Advisor
‎2026-01-13 05:04 AM
In response to the_rock

based on the documentation:
Note: Starting R81.20 Jumbo Hotfix Accumulator Take 122 you can add host/network/range objects for split tunnel on exclusion/inclusion modes.

i can exclude network only from 122? right?

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-13 05:05 AM
In response to RemoteUser

I am fairly sure I had done that for a client thats on way lower jumbo on R81.20

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
RemoteUser
Advisor
‎2026-01-13 05:09 AM
In response to the_rock

Idk brother..

 

Important:

  • Naming is critical – the system uses this prefix to identify the mode.

  • The group must directly contain only these object types:

    • Updatable objects

    • Dynamic objects

    • Domain objects

    Nested groups are not supported, even if the nested group contains only allowed object types.

    Note: Starting R81.20 Jumbo Hotfix Accumulator Take 122 you can add host/network/range objects for split tunnel on exclusion/inclusion modes.
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-13 05:10 AM
In response to RemoteUser

Thats right...IT HAS TO START with exclusions_

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
RemoteUser
Advisor
‎2026-01-13 05:12 AM
In response to the_rock

yeah i know about that but i asking if it start from 122, but if you told me that you've alreday do that in lower version i trust you

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2026-01-13 05:19 AM
In response to RemoteUser

I just checked my notes and I see my colleague and I did this for a client on R81.20 jumbo 99

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
RemoteUser
Advisor
‎2026-01-13 05:20 AM
In response to the_rock

thank you brother i'll try 

the_rock
MVP Diamond
MVP Diamond
‎2026-01-13 05:21 AM
In response to RemoteUser

Sure! Let us know how it goes.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
CP_Chris
Employee Employee
Employee
Thursday
In response to RemoteUser

Late to the party, but take 122 is where we added the ability to do inclusions for dynamic objects. Prior to this only exclusions were allowed. The difference is when using hub mode, you want to exclude dynamic objects to allow them to go direct to the Internet versus when already using split tunnel (only sending encryption domain across tunnel) but want to add dynamic sites that need to be routed through the RA VPN.

The include is probably most useful when third-party vendors whitelist the IP that is allowed to access a resource. This allows you to force their domain down the RA VPN so the RA users end up using your external (whitelisted) IP.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events