Dynamic Split Tunneling for SaaS Using Updatable Objects

To decrease load on a VPN Gateway, you can exclude traffic for SaaS from your Remote Access VPNClosed An encrypted tunnel between remote access clients (such as Endpoint Security VPN) and a Security Gateway. Tunnel in Hub Mode.

Chain of Events:

  1. Administrator configures which services to exclude from the Remote Access VPN Tunnel.

  2. The VPN Gateway dynamically fetches the IP addresses of configured services from the Internet, and sends this information to Remote Access VPN clients.

  3. Remote Access VPN clients exclude traffic for these services from the Remote Access VPN Tunnel.


This feature requires:


To exclude SaaS services from a Remote Access VPN tunnel in Hub mode: