Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Juan_Karlo_Cris
Explorer

Split Tunnel

Jump to solution

Hi Everyone,

Can someone help how to do split tunnel. I want to force the traffic of the VPN user to use their local internet provider when connected to the VPN tunnel so it will not consume the bandwidth of the company.

Thanks

2 Solutions

Accepted Solutions
Pedro_Espindola
Advisor

Hello Juan,

The configuration is done in Global Properties. It is enabled by default. Configure the option "Route all traffic to gateway" to "No".

You can also set it to "Configured on endpoint client", so the user can route everything through gateway to be safer when needed.

Configure split tunnel

View solution in original post

Sanjay_S
Advisor

Hi AndreiR,

You just need to add the new subnet in the VPN Domain.

View solution in original post

11 Replies
Houssameddine_1
Collaborator

Split tunneling is enabled by default. you don't have to do anything.

Gaurav_Pandya
Advisor

Yeah Correct. Split tunneling is enabled by default for remote VPN users. You need to enable setting if you don't want split tunneling but by default it is enabled.

Pedro_Espindola
Advisor

Hello Juan,

The configuration is done in Global Properties. It is enabled by default. Configure the option "Route all traffic to gateway" to "No".

You can also set it to "Configured on endpoint client", so the user can route everything through gateway to be safer when needed.

Configure split tunnel

View solution in original post

Sanjay_S
Advisor
Hi All,

How to add a route in the routing table of the Remote Access VPN user?
0 Kudos
AndreiR
Employee
Employee

Hi Sanjay_S,

What's your final goal: to forward traffic to encryption domain or to exclude some traffic from encryption domain?

Are you working in hub mode when all traffic is routed to gateway or in regular mode (split tunnel) when non-encryption domain traffic is not routed to gateway?

Sanjay_S
Advisor
Hi AndreiR,
We are using Split tunnel mode. My goal is to add an additional subnet in the route table of the user machine when connected to Checkpoint endpoint security for a subnet and that should be routed towards Gateway.
0 Kudos
AndreiR
Employee
Employee

Hi @Sanjay_S ,

You may manually define VPN domain. Open Smart Console, open properties for specific gateway, go to Network Management –> VPN Domain. There you can select "Manual defined" and specify VPN domain using predefined network objects.

Hope that helps.

Itops
Explorer

if im using splittunnel setup and i would like to have the same rules, that is: a user should not have access to socialmedia when he is at the office and also when he is using splittunnel vpn. what do you suggest in this case?

0 Kudos
PointOfChecking
Contributor

I also want to do this.  I do not want to enable hub mode, but want to add additional subnet range of a 3rd party website.

I added the external range to my VPN Domain, but still no luck.

I don't even see any blocked packets in the Logs (either before or after the change).

Please help.

 

0 Kudos
Sanjay_S
Advisor

Hi AndreiR,

You just need to add the new subnet in the VPN Domain.

View solution in original post

PointOfChecking
Contributor

Thanks! That's worked!!  I changed the wrong object at first.

 

 

 

0 Kudos