flachance
Advisor

selective split tunneling based on destination

R80.30

Split Tunneling is currently disabled.

Is there a way to enable it only for certain destinations? Like when going to YouTube or if using Teams?

 

thanks

 


7 Replies
PhoneBoy
Admin
By definition Split Tunneling means "route some traffic across VPN and route everything else to the Internet directly."
Route All Traffic means exactly that with the local subnet as a possible exception to this rule.
What you probably want is a Remote Access domain that contains everything BUT specific web-based applications.
Currently, we don't offer an easy way to create that.

Personally, I'm not a fan of the "Route All Traffic" approach as it doesn't really scale.
You can get visibility and protection for the Endpoint by deploying the appropriate controls.
Better yet: They don't require you to be connected via VPN for them to apply.
remi0403
Explorer
0 Kudos
PointOfChecking
Collaborator

That discussion was for a reverse of this question.

I have a similar issue to this. However, mine is simpler: we don't need it for specific web-based applications, just specific IP addresses.

 

0 Kudos
PhoneBoy
Admin

The encryption domain is IP addresses in the end.
Basically you’d be creating an encryption domain for everything except for the IPs in question.
Similar to this (except you’d define the specific IPs to exclude): https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
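
The approach in the answer above, worked as an added example (not part of the original thread and not Check Point code): Python's `ipaddress` module computes the CIDR blocks that cover all of IPv4 except a set of excluded destinations, which is what an "everything but these IPs" encryption domain amounts to. The excluded networks are constructed documentation ranges, and the function names `encryption_domain` and `via_tunnel` are hypothetical.

```python
import ipaddress

def encryption_domain(excluded, universe="0.0.0.0/0"):
    """CIDR blocks covering `universe` minus every network in `excluded`."""
    space = ipaddress.ip_network(universe)
    # Merge overlapping or adjacent exclusions so each hole is handled once.
    holes = ipaddress.collapse_addresses(
        ipaddress.ip_network(n, strict=False) for n in excluded)
    remaining = [space]
    for hole in holes:
        kept = []
        for block in remaining:
            if hole.subnet_of(block):
                # Split the block around the hole; the hole itself is dropped.
                kept.extend(block.address_exclude(hole))
            elif not block.subnet_of(hole):
                kept.append(block)  # disjoint from the hole, keep unchanged
        remaining = kept
    return sorted(remaining)

def via_tunnel(ip, domain):
    """True if `ip` falls inside the encryption domain (sent over the VPN)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in domain)

# Constructed sample exclusions (RFC 5737 documentation ranges, not real services).
EXCLUDED = ["203.0.113.0/24", "198.51.100.10/32"]

if __name__ == "__main__":
    domain = encryption_domain(EXCLUDED)
    print(len(domain), "blocks in the encryption domain")
    for probe in ("10.1.2.3", "203.0.113.77", "198.51.100.10", "198.51.100.11"):
        print(probe, "-> tunnel" if via_tunnel(probe, domain) else "-> direct")
```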

PointOfChecking
Collaborator

Thanks for the pointers!  Got it.

0 Kudos
Rene_Moeller1
Contributor

Hi,

Unfortunately, the sk167000 described here does not work for Quantum Spark Gateways. No matter what I configure, an exception group does not work and is ignored. I have not found any limitations. Do you know of any or is there a trick to circumvent this limitation?

Management Version R81.20 JHF Take53
Gateway: 1595W5G R81.10.10 Build 2906

Thank you.

0 Kudos
PhoneBoy
Admin

Likely will need a TAC case to confirm this is a bug or an RFE that should be addressed via your local Check Point office: https://help.checkpoint.com 

0 Kudos
