Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

Inverse Split Tunneling

Currently Split Tunneling is setup so that by default all traffic is sent to the internet and traffic to be sent to ASG is the split traffic's definition. It would be very convenient to add another setting where the reverse is true. By default all traffic goes to the ASG and the traffic defined as split gets sent directly out to the internet.

This would be huge advantage for a few reasons. Sending known good traffic directly to the internet would reduce the bandwidth needed at the central office. It would lower the latency for said traffic (very useful for hosted Voip). Failure of the central ASG would allow any of this split traffic to continue to flow.

15 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    JeremyJeremy shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    4 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Jeremy MeyerJeremy Meyer commented  ·   ·  Flag as inappropriate

        As Anon noted this is exactly what I am looking for here. We have hosted services from voip and application providers. I would like to be able to define those IP addresses or DNS entries where in traffic is allowed directly to the internet but all undefined traffic is sent via the RED tunnel to allow filtering.

      • Anonymous commented  ·   ·  Flag as inappropriate

        hi bob,
        sorry, but the way i understand it is like Jeremy:
        in split mode, by default, everything goes directly to the internet, unless specified to go to the ASG/UTM.

        Some of my clients have a few very well know web sites (extranet, job related sites) that doesn't need to go through the tunnel. it is also the case for windows updates ('in my opinion). but apart from these few sites, everything else should be protected by the ASG/UTM.

      • JeremyJeremy commented  ·   ·  Flag as inappropriate

        I don't think this is the way it works currently

        Currently the when the standard/split option is selected split networks are defined as:
        This is the list of networks that will be redirected to the ASG. Traffic to all other destinations will leave the remote network via the normal default gateway.

        What I am looking for is:
        This is the list of networks that will leave the remote network via the normal default gateway. Traffic to all other destinations will be redirected to the ASG.

      Feedback and Knowledge Base