Contents x
    Split Tunneling
    • 04 Jun 2024
    • 1 Minute to read
    • Contributors
      Contents

      Split Tunneling

      • Updated on 04 Jun 2024
      • 1 Minute to read
      • Contributors
        Article summary

        Understanding Split Tunneling

        • Split Tunneling lets specific data go through the VPN, while other data accesses the internet directly.
        • Useful for accessing local resources without bypassing the VPN.

        How to Set Up Split Tunneling

        This article describes how to incorporate split tunneling into your network. 
        If you would like to select specific network subnets to go through from the client to the Harmony SASE network instead of full tunnel mode (where all the traffic is encrypted and proxied through the Harmony SASE network), you will need to manually specify which subnets you’d like to include or exclude through the tunnel.

        To change your Split Tunneling configuration, go to Networks -> Select your network, and click on the "..." button, then "Split tunneling":

        360006609179splittunneling.png

        FQDN Split Tunneling
        Split Tunneling by FQDN is available using 10.1.x agents and above. Lower-version agents will ignore Split-Tunneling settings by FQDN and revert to full tunneling if it is defined.

        Configuring Split Tunneling for a Network

        1. Access the Harmony SASE Administrator Portal and click Networks.
        2. Select your network.
        3. Click the more icon (...) and click Split Tunneling.
               The Split Tunneling window appears.
        4. Select one of these:
          ItemDescription
          Automatic (Full tunnel)Allows all the traffic through the tunnel. That is, split tunneling is disabled. This is the default setting.
          Manual
          • Include - Enter the subnets, FQDN, or IP addresses that you want to pass through the tunnel. This is the default setting.
          • Exclude - Enter the subnets, FQDN, or IP addresses that you want to bypass the tunnel.
          Important:
          The processing time depends on the system resource. It takes up to 3 seconds for every 500 subnets.
        5. Click Apply.

        Recommendations

        • Identify the IPs and IP ranges you want to bypass before using Split Tunneling.
        • Periodically check your configuration settings for accuracy.

        Troubleshooting

        If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.

        Support Contacts

        If you have any difficulties or questions, don't hesitate to contact Harmony SASE's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at sase-support@checkpoint.com. We're here to assist you and ensure your VPN tunnel setup is a success.

        Was this article helpful?
        What's Next