Enabling or Disabling Split DNS

On SecuRemote, Split DNS is automatically enabled. On Endpoint Security VPN and Check Point Mobile for Windows, you can edit a parameter in the trac_client_1.ttm configuration file to set if Split DNS is enabled, disabled, or depends on the client settings.

To change the setting for Split DNS on the Security Gateway:

  1. On the Security Gateway, open the $FWDIR/conf/trac_client_1.ttm file with a text editor.

  2. Add the split_dns_enabled property to the file:

    :split_dns_enabled (

    :gateway (

    :map (

    :true (true)

    :false (false)

    :client_decide (client_decide)


    :default (client_decide)



  3. Set the required value in the :default attribute:

    • true - Enabled

    • false - Disabled (this is the default)

    • client_decide - Takes the value from a file on the client machine

  4. Save the file.

  5. Install the policy.