Dynamic Split Tunneling for SaaS Using Updatable Objects

To decrease load on a VPN Gateway, you can exclude traffic for SaaS from your Remote Access VPNClosed Tunnel in Hub Mode.

Chain of Events:

  1. Administrator configures which services to exclude from the Remote Access VPN Tunnel.

  2. The VPN Gateway dynamically fetches the IP addresses of configured services from the Internet, and sends this information to Remote Access VPN clients.

  3. Remote Access VPN clients exclude traffic for these services from the Remote Access VPN Tunnel.

Prerequisites

This feature requires:

Configuration

To exclude SaaS services from a Remote Access VPN tunnel in Hub mode: