Cato Networks Knowledge Base

Configuring Split Tunnel for SDP Clients

  • Updated

Overview of Split Tunnel

Split tunneling enables routing of only specific traffic over the VPN connection, while other traffic accesses the Internet directly.

You can globally define (for all SDP users) which IP addresses are routed through or excluded from the VPN connections. Alternately, you can enable SDP users to configure their own split tunneling definitions.

In line with security best practices, split tunneling configuration is enforced from the Cato Management Application by default, and all traffic is routed to the VPN tunnel (split tunneling is disabled).

Configuring Split Tunnel for VPN Clients

The Split Tunnel section lets you configure the split tunneling settings for all the Cato Clients in the account.

SplitTunnel.png

Enforcing the Split Tunnel Policy for All VPN Clients

You can configure all the VPN clients in the organization to use the split tunnel policy that is defined in the Cato Management Application. You can configure the following rules for traffic to the defined IP range:

  • Exclude: traffic to the IP range is routed directly to the Internet. All other traffic is routed through the VPN connection.

  • Include: traffic to the IP range is routed through the VPN connection. All other traffic is routed directly to the Internet.

To configure the split tunnel settings for all VPN clients:

  1. From the navigation menu, click Access > Client Access.

  2. Expand the Split Tunnel section.

  3. From the Enforcement drop-down menu, select Cato Management Application.

  4. Select the Enable Split Tunnel.

  5. Select the Action for the split tunnel rules, Include or Exclude.

  6. Configure rules for traffic that can bypass the VPN connection:

    1. Click New.

      The Add panel opens.

    2. Enter the Name for the rule.

    3. In Subnet, enter the IP range that is included or excluded for the VPN tunnel.

    4. Click Apply.

  7. To delete a rule, click Delete.png (Delete).

  8. Click Save.

Configuring VPN Users to Select Split Tunnel Settings

You can configure to let each SDP user configure the split tunnel settings for themselves.

Note

Note: For more about configure split tunneling for a Client, see the Cato Client Installation and User Guide for the relevant operating system.

To enable SDP users to configure their split tunnel settings:

  1. From the navigation menu, click Access > Client Access.

  2. Expand the Split Tunnel section.

  3. From the Enforcement drop-down menu, select End-user defined.

  4. Click Save.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.