• Cloud Edge Secure Access
• Networks
  • Private DNS
  • DNS Filtering
  • Routes
  • Split Tunneling
  • Site-to-Site Interconnectivity
  • Multi-Tunneling
  • Dynamic-IP Tunnels
  • Whitelisting Resources
    • Benefits of Whitelisting
    • Microsoft Azure
    • SalesForce
    • AWS Management Console
    • Google Cloud Platform
• Client-Based Access
  • MDM App Deployment
  • SCCM Agent Deployment
  • JAMF Cloud
• Client-less Access (Zero Trust Applications)
  • URL Aliasing
  • RDP Security Mode
• SonicWall Support
  • About This Document

Split Tunneling

This article describes how to incorporate split tunneling into your network. If you would like to select specific network subnets to go through from the client to the SonicWall network, instead of full tunnel mode (where all the traffic is encrypted and proxied through the SonicWall CloudEdge network), you will need to manually specify which subnets you’d like to include through the tunnel.

The Default Configuration is Automatic (Full Tunnel)

Split tunneling: Automatic Configuration

Split Tunneling: Manual Configuration

Some Operating Systems have limitations to the amount of Split Tunneling they allow on a VPN client connection:
IKEv2 - The integration with Windows limits the allows up to 25 different Subnets in Split Tunneling, Mac limit is 254.
OpenVPN, Wireguard - As many subnets as allowed on the local Routing Table (Usually less than 4,000 addresses)

If you have defined more than 25 different subnets, make sure that any end-users connected using the agent are operating on either OpenVPN protocol or WireGuard protocol. In any case, it is not recommended to insert more than 254 different subnets.

After defining the split tunneling subnets, this information will be available on the Networks page.