Forum Discussion

PrakashRIndia
2 months ago

Split Tunnel basis FQDN/Domain

I am facing an issue wherein I am not able to browse some government sites. There was an article on the same as well. As of now, I have configured split tunnel on the basis of exclude IP and I have excluded the IP address of one of the government websites, but this is not going to work as I have multiple government websites which are not opening.

Why is there no option to bypass or split tunnel on the basis of FQDN or domain? Then I could exclude traffic for government sites, as it becomes a task to do split tunnel on the basis of individual IP addresses. Is it on the roadmap as well or not?

  • Hi PrakashRIndia, 

    Appreciate your valuable feedback.
    We understand your concerns.
    Would you be able to submit a feature request (RFE) on this?

    Thank you.

  • Please find below the details for raising the RFE:

    RFE Name: Split Tunnel Policy configuration on the basis of FQDNs or Domain Names.

     

    What is the specific use case or problem?

    Many websites, especially government websites, are not opening while users are connected either via the SDP client or behind a site. We have to bypass traffic from Cato for these kinds of websites or applications so that traffic is not routed via Cato. We don't have a Socket in our organisation but we have SDP and Site licenses.

     

    Describe the current functionality:

    Currently, we can only specify IP addresses for split tunnelling, which limits our ability to manage traffic based on domain names/FQDNs. This requires us to manually update IP addresses whenever there are changes. This is a completely manual process: first find out the global/public IP of the affected website and then manually add it to the split tunnel policy, instead of bypassing the entire government domain, which we don't want to route via Cato.

     

    Describe the proposed solution:

    We request the ability to specify FQDNs or domains in the split tunnel configuration. This would allow us to define split tunnelling on the basis of FQDNs/domain names, making it easier to manage and update our network configurations. This will also provide more flexibility in defining routing rules.

     

    Existing Solution / Workaround: Currently we are manually updating the public IP address in the split tunnel policy, which is not a good option.

     

    Priority (Low / Medium / High): High
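
The manual workaround described in the RFE above (resolve each site, then maintain the IP exclude list by hand) can be checked for drift with a small script. This is an added example, not part of the thread and not Cato tooling: it only prints a diff for manual entry, and the host names, addresses and function names are constructed for illustration.

```python
import ipaddress
import socket

# Ranges that should never be excluded from the tunnel on the strength of a DNS answer.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def resolve_ipv4(fqdn):
    """IPv4 addresses the local resolver currently returns for fqdn (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(fqdn, 443, family=socket.AF_INET, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def plan_exclude_list(fqdns, current_ips, resolver=resolve_ipv4):
    """Diff freshly resolved addresses against the IP list already in the policy."""
    wanted, rejected, unresolved = set(), [], []
    for name in fqdns:
        answers = resolver(name)
        if not answers:
            unresolved.append(name)
        for text in sorted(answers):
            ip = ipaddress.ip_address(text)
            if any(ip in net for net in INTERNAL):
                rejected.append((name, text))  # a DNS answer must not bypass internal space
            else:
                wanted.add(ip)
    configured = {ipaddress.ip_address(t) for t in current_ips}
    return {
        "to_add": [str(ip) for ip in sorted(wanted - configured)],
        "stale": [str(ip) for ip in sorted(configured - wanted)],
        "rejected": rejected,
        "unresolved": unresolved,
    }

# Constructed sample data: hypothetical host names, documentation address ranges.
SAMPLE_DNS = {"portal.example.org": {"203.0.113.10", "203.0.113.11"},
              "tax.example.org": {"198.51.100.7"},
              "forms.example.org": {"10.1.2.3"},
              "gone.example.org": set()}
SAMPLE_POLICY = ["203.0.113.10", "192.0.2.99"]

def demo():
    """Run the diff offline against the constructed sample instead of live DNS."""
    return plan_exclude_list(SAMPLE_DNS, SAMPLE_POLICY, resolver=lambda n: SAMPLE_DNS[n])

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Treat `stale` entries as review candidates: an excluded address that no longer belongs to the intended site keeps bypassing inspection for whatever is hosted there now, but a temporary resolution failure also lands its addresses in that list.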

  • Dear PrakashRIndia

    Check out the latest enhancement published in the release notes last month:

    • Exclude Applications from Split Tunnel Policy Rules: For better customization of traffic routing for remote users, you can exclude traffic to specific applications from your Split Tunnel policy. For example, you can configure all traffic to be routed to Cato, except traffic from Zoom.
      • The supported applications are: Google Applications, Outlook, SharePoint and OneDrive Business, Skype and MS Teams, and Zoom
      • Click here to watch a video recording of this feature

    Can this help with your use case?

    Thanks,

    Yariv