Overview of Split Tunnel
Split tunneling enables you to keep sensitive traffic secure without impacting internet speeds by routing specific IP addresses over the encrypted tunnel and allowing other IP addresses to access the Internet directly.
In line with security best practices, split tunneling is disabled by default.
To enable this feature, you can:
Globally define (for all SDP users) which IP addresses are routed through or excluded from the encrypted tunnel. For more information, see Configuring Split Tunnel for SDP Clients.
Let SDP users define which IP addresses are routed through or excluded from the encrypted tunnel on their device.
From the Cato Management Application, enable and configure the Split Tunnel feature to allow SDP users to define their own split tunnel settings on their Client.
To enable Split Tunnel for SDP users:
In the Access > Client Access section, from the Split Tunnel section, on the Enforcement drop-down menu, select End-user defined.
In the Client, SDP users can upload files with the IP ranges that are included or excluded from the tunnel.
To define split tunnel definitions:
Create a text file with the IP addresses to route through or exclude from the encrypted tunnel.
You can configure the following rules within the text file:
Include: Traffic to the IP range is routed through the encrypted tunnel. All other traffic is routed directly to the Internet. In the text file, add the list of IP addresses and netmasks to route through the encrypted tunnel as follows:
/comment include <IP>,<netmask> <IP>,<netmask>
For example:
/splittunnel include 198.51.100.0,255.255.255.255
Exclude: Traffic to the IP range is routed directly to the Internet. All other traffic is routed through the encrypted tunnel. In the text file, add the list of IP addresses and netmasks to route directly to the Internet as follows:
;comment exclude <IP>,<netmask> <IP>,<netmask>
For example:
/splittunnel exclude 198.51.100.0,255.255.255.255
You can use a slash (/) or semicolon (;) for comments.
On the Windows Client, on the Settings screen, click Upload File and upload the text file.
On the macOS Client, on the Settings screen, select Split Tunnel Enabled.
On the Windows Client, on the Settings screen, select Enable split tunnel.
On the macOS Client, click Upload Split Tunnel Configuration and upload the text file.
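A pre-upload check for the definition file described above, as an added example that is not Cato's code. It assumes whitespace-separated entries as in the page's examples, treats any token starting with / or ; as a comment, and uses an assumed /8 threshold for flagging broad excludes; `parse_split_tunnel` and `SAMPLE` are hypothetical names.

```python
import ipaddress

# Constructed sample in the page's syntax: host bits set, an overly broad
# range, and an entry missing its netmask.
SAMPLE = ";lab exclude 198.51.100.7,255.255.255.0 0.0.0.0,0.0.0.0 10.0.0.0"

def parse_split_tunnel(text):
    """Return (mode, networks, problems) for a split tunnel definition."""
    mode, networks, problems = None, [], []
    for token in text.split():
        if token[0] in "/;":  # the page allows / or ; for comments
            continue
        if token.lower() in ("include", "exclude"):
            if mode is not None:
                problems.append(f"extra rule keyword: {token}")
            mode = mode or token.lower()
            continue
        ip, sep, mask = token.partition(",")
        if not sep:
            problems.append(f"expected <IP>,<netmask>: {token}")
            continue
        try:
            # strict=True rejects host bits outside the mask; ipaddress
            # also rejects non-contiguous netmasks.
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=True)
        except ValueError as exc:
            problems.append(f"{token}: {exc}")
            continue
        networks.append(net)
        # Assumed review threshold (not from the page): an exclude wider
        # than /8 sends a large share of traffic outside the tunnel.
        if mode == "exclude" and net.prefixlen < 8:
            problems.append(f"{net}: very broad exclude")
    if mode is None:
        problems.append("no include/exclude keyword found")
    return mode, networks, problems

if __name__ == "__main__":
    mode, networks, problems = parse_split_tunnel(SAMPLE)
    print(mode, [str(n) for n in networks])
    for problem in problems:
        print("PROBLEM:", problem)
```

An empty problem list means every entry parsed as a valid network; a user or help desk can run the check before the file is uploaded in the Client.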