Disable Split Tunelling

**Dandm** · 2017-09-12

Can anyone let me know how I can disable split tunnelling for our remote users using endpoint security client?

I have seen a few articles on the Internet, but none of their suggested solutions work.

Thanks

**msjouw** · 2017-09-12

In the global settings go to remote access, under this section you have Secureclient Mobile and Endpoint Connect, in both sections tick the box "Route all traffic to gateway" push policy and you are done.
Now one addition, on the gateway object, under VPN Clients goto section Remote Access and select under Hub Mode configuration the option Allow VPN clients to route traffic through this gateway.

**Dandm** · 2017-09-13

Hi Maarten,

Thanks for the reply. I have tried your suggestions, but it still does not work.

Once connected, if I look at the routing table of a device connected via Endpoint Connect, the default route 0.0.0.0 is still pointing to the interface of the MiFi unit that I am using for the remote connection. There is a second route to 0.0.0.0 with a subnet mask of 128.0.0.0 point to the interface of the virtual adapter and I cannot get to the Internet (even pings to 8.8.8.8 fail although I can get to devices in our Remote Access domain).

Is there anything else I need to do?

- David

**msjouw** · 2017-09-13

You need to make sure that in the Gateway policy you allow and NAT traffic towards the internet with the source network that you have used for the Office Mode Pool.

**jflemingeds** · 2017-09-13

Originally Posted by Dandm

Hi Maarten,

Thanks for the reply. I have tried your suggestions, but it still does not work.

Once connected, if I look at the routing table of a device connected via Endpoint Connect, the default route 0.0.0.0 is still pointing to the interface of the MiFi unit that I am using for the remote connection. There is a second route to 0.0.0.0 with a subnet mask of 128.0.0.0 point to the interface of the virtual adapter and I cannot get to the Internet (even pings to 8.8.8.8 fail although I can get to devices in our Remote Access domain).

Is there anything else I need to do?

- David

The route is correct. Remember in routing most specific route always wins. Check point adds a bunch of slightly smaller routes to force traffic the correct way.

**Dandm** · 2017-09-15

Hi Guys,

Sorry for the late reply, but I was dragged into another issue yesterday and was not able to try anything with this.

It all works fine now. Many thanks for your help and the explanation of the routing.

- Dandm