Inverse Split Tunneling
Currently Split Tunneling is set up so that by default all traffic is sent to the internet and traffic to be sent to ASG is the split traffic's definition. It would be very convenient to add another setting where the reverse is true. By default all traffic goes to the ASG and the traffic defined as split gets sent directly out to the internet.
This would be a huge advantage for a few reasons. Sending known good traffic directly to the internet would reduce the bandwidth needed at the central office. It would lower the latency for said traffic (very useful for hosted VoIP). Failure of the central ASG would allow any of this split traffic to continue to flow.
Jeremy Meyer commented
As Anon noted, this is exactly what I am looking for here. We have hosted services from VoIP and application providers. I would like to be able to define those IP addresses or DNS entries wherein traffic is allowed directly to the internet but all undefined traffic is sent via the RED tunnel to allow filtering.
Sorry, but the way I understand it is like Jeremy:
In split mode, by default, everything goes directly to the internet, unless specified to go to the ASG/UTM.
Some of my clients have a few very well-known web sites (extranet, job-related sites) that don't need to go through the tunnel. It is also the case for Windows updates (in my opinion). But apart from these few sites, everything else should be protected by the ASG/UTM.
I don't think this is the way it works currently.
Currently, when the standard/split option is selected, split networks are defined as:
This is the list of networks that will be redirected to the ASG. Traffic to all other destinations will leave the remote network via the normal default gateway.
What I am looking for is:
This is the list of networks that will leave the remote network via the normal default gateway. Traffic to all other destinations will be redirected to the ASG.
Bob Alfson commented
Jeremy, this is the way it works.