Cato Client Split Tunnel

Updated August 28, 2022 12:48
11 comments

Split tunneling enables routing of only specific traffic over the VPN connection, while other traffic accesses the Internet directly. For more about Split Tunnel in the Cato Management Application, see Configuring Split Tunnel for SDP Clients.

The administrator can decide to enable this feature globally to all VPN users or let the VPN users to configure their own split tunneling definitions.

In order for a VPN user to configure their own split tunnel settings, please select the Split Tunnel Enabled option.

In MAC:

In Windows:

As a next step, you'll need to upload a CCST text file to configure the addresses and ranges.

Create the text file with a list of IP address and netmask that are included or excluded from the Client. You can use a slash / or semicolon ; for comments.

/comment
include
<IP>,<netmask>
<IP>,<netmask>

;comment
exclude
<IP>,<netmask>
<IP>,<netmask>

For example:

Was this article helpful?

7 out of 9 found this helpful

Comments

11 comments

Juki kushiyama
- November 01, 2019 00:44
How does include or exclude work?

Does Split means another tunnel not bypass?

Is there a way to bypass Cato in VPN Client?

0
Yaakov Simon
- November 03, 2019 07:40
Hi Kushiyama,

Please take a look at this article about configuring split tunneling in the Cato Management Application: https://support.catonetworks.com/hc/en-us/articles/360001945817

I think it will answer your questions.

Thanks!

0
Kumiko Ohara
- March 03, 2020 06:20
Is it possible to configure FQDN?

0
Yaakov Simon
- March 03, 2020 08:52
Kumiko,

You can't use FQDN for the split tunnel feature, only IP addresses and subnets.

Thanks!

0
Kumiko Ohara
- March 03, 2020 08:55
Yaakov Simon

Understood, thank you!

0
Joseph Webb
- April 12, 2020 08:04
Is there a way to prevent local LAN access with the Cato VPN client? The split tunneling feature appears to work, but a connected VPN client can still access devices on the local LAN and that is not desirable in what we are trying to test. Thoughts?

0
Alex Koshlich
- June 28, 2021 19:32
Is there a way to add comments to the configuration file? '#' seem to break the file.

0
Neil Ticktin
- January 28, 2022 15:19
Is there a way to include comment lines in the config? e.g., proceeded by a ; or something?

0
Yaakov Simon
- February 06, 2022 18:06
Alex and Neil,

Thanks for the question about adding comments to the split tunnel file.

The file is a CCST file, and you can use a slash / or semicolon ; for comments.

I updated this article with the information about comments.

0
Matthew Tan
- August 08, 2022 10:03
There should be a referenceon this page to this article https://support.catonetworks.com/hc/en-us/articles/4413265651217-Configuring-Split-Tunnel-for-SDP-Clients

Which is a newer feature to manage split tunnel settings in the Cato portal instead of on the user device itself..

0
Yaakov Simon
- August 28, 2022 12:49
Matthew,

I couldn't agree more! I added the link you referenced to the beginning of the article.

Thanks!

0