Enabling or Disabling Split DNS

On SecuRemote, Split DNS is automatically enabled. On Endpoint Security VPN and Check Point Mobile for Windows, you can edit a parameter in the trac_client_1.ttm configuration file to set if Split DNS is enabled, disabled, or depends on the client settings.

To change the setting for Split DNS on the Security Gateway:

1. On the Security Gateway, open the $FWDIR/conf/trac_client_1.ttm file with a text editor.

2. Add the split_dns_enabled property to the file:

   :split_dns_enabled (

   :gateway (

   :map (

   :true (true)

   :false (false)

   :client_decide (client_decide)

   )

   :default (client_decide)

   )

   )

3. Set the required value in the :default attribute:

   • true - Enabled

   • false - Disabled (this is the default)

   • client_decide - Takes the value from a file on the client machine

4. Save the file.

5. Install the policy.