NordLayer feature release: IP-based split tunneling


At NordLayer, we understand the need for network flexibility, and we're excited to introduce our latest innovation: IP-based split tunneling. This new release is a major advancement, building upon our URL-based split tunneling feature and opening new doors for our customers' network security and performance.

With IP-based split tunneling, we're introducing a more tailored approach to network traffic management. This sophisticated method allows organizations to selectively encrypt network traffic by specifying IP addresses or subnets, ensuring sensitive data transmitted to and from those addresses remains secure and private. By separating encrypted and unencrypted traffic, we help organizations strike a delicate balance between robust security measures and uninterrupted internet performance.

What problem does IP-based split tunneling solve?

IT administrators often face the challenge of balancing network security with optimal performance. NordLayer's IP-based split tunneling solves this dilemma by enabling selective encryption of traffic for specific IP addresses or subnets.

Additionally, IP-based split tunneling addresses the issue of managing organization-specific network requirements. With the ability to encrypt only selected traffic, admins can tailor network security to meet changing needs, such as a growing organization or industry-specific compliance requirements, ensuring that critical resources are protected while adapting to dynamic organizational demands.

Pair IP-based split tunneling with granular access control rules enforced through NordLayer Cloud Firewall and you have yourself an unprecedented private resource access solution that meets ever-changing business needs.

Feature characteristics: what to expect

IP-based split tunneling brings benefits to IT admins and end-users alike. Admins gain centralized control and improved network management capabilities, while employees experience seamless internet performance.

The key advantages of IP-based split tunneling revolve around enhanced productivity and performance:

  • Optimized internet performance: By selectively routing only specific subnets through the VPN tunnel, organizations can alleviate bandwidth limitations and bottlenecks. Regular internet traffic doesn’t need to be tunneled through the NordLayer gateway, resulting in improved overall network performance.
  • Enhanced VPN performance: With split tunneling enabled, employees can reach company resources alongside regular internet services, printers, and other local network devices, without needing to be aware of the underlying security configurations.
  • Flexibility & control: By excluding non-essential traffic from the VPN tunnel, organizations can achieve better performance for applications and services that don’t require encryption, such as SaaS or VoIP services from globally trusted providers. 
  • Security & risk mitigation: IP-based split tunneling enables organizations to balance security and functionality by directing critical internal systems through a VPN and allowing less sensitive web browsing traffic to bypass encryption while keeping the protective layer on through the use of NordLayer’s Secure Internet Access features.

How does IP-based split tunneling work?

IP-based split tunneling is a strategic feature that selectively secures parts of your network traffic. IT administrators can configure specific IP addresses or subnets for encryption, ensuring that only those specified addresses are routed through secure VPN servers.

This targeted encryption approach strikes the perfect balance between security and performance—your sensitive data remains protected without any impact on the speed of web browsing. 

Each dedicated server can be configured with up to 16 CIDRs at a time, and there is no limit to how many servers can be used in a single Virtual Private Gateway.

Configuring split tunneling is straightforward and accessible with our Core and Premium subscription plans. This feature is particularly useful for Premium subscribers who can use the Site-to-Site capability to access private network subnets through the NordLayer gateway. 

To enable this feature, follow these simple steps:

  1. Navigate to the Network section in the NordLayer Control Panel
  2. Select Servers and then choose Configure from the options presented
  3. From the dropdown menu, select Split Tunneling
  4. Input the desired IP addresses and subnets you wish to tunnel through NordLayer

By specifying these addresses, you ensure that only the designated traffic uses the NordLayer tunnel, while other traffic utilizes the direct internet route.
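A pre-check for the list entered in step 4, written as an added example (it is not NordLayer code and uses no NordLayer API): it normalizes the entries, merges overlapping or adjacent subnets so the list fits the 16-CIDR-per-server limit mentioned above, and shows which destinations would take the tunnel and which the direct route. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

MAX_CIDRS_PER_SERVER = 16  # per-server limit stated in the article


def normalize_tunnel_list(entries):
    """Return the minimal CIDR list covering `entries`, or raise if over the limit."""
    by_version = {4: [], 6: []}
    for raw in entries:
        # strict=False masks host bits, so "172.16.8.9/24" becomes 172.16.8.0/24;
        # a bare address becomes a /32 (or /128) network.
        net = ipaddress.ip_network(raw.strip(), strict=False)
        by_version[net.version].append(net)
    merged = []
    for nets in by_version.values():
        # collapse_addresses drops subnets already covered and joins adjacent ones
        merged.extend(ipaddress.collapse_addresses(nets))
    if len(merged) > MAX_CIDRS_PER_SERVER:
        raise ValueError(
            f"{len(merged)} CIDRs after merging; limit is {MAX_CIDRS_PER_SERVER} per server"
        )
    return merged


def route_for(destination, tunnel_nets):
    """'tunnel' if the destination falls in a listed subnet, otherwise 'direct'."""
    addr = ipaddress.ip_address(destination)
    hit = any(addr.version == net.version and addr in net for net in tunnel_nets)
    return "tunnel" if hit else "direct"


if __name__ == "__main__":
    # Constructed sample input: an internal range, a subnet it already covers,
    # a single host, and an entry typed with host bits set.
    requested = ["10.20.0.0/16", "10.20.5.0/24", "192.168.50.10", "172.16.8.9/24"]
    tunnel = normalize_tunnel_list(requested)
    print("enter in Control Panel:", [str(n) for n in tunnel])
    for dest in ["10.20.5.77", "192.168.50.11", "203.0.113.5"]:
        print(f"{dest:>15} -> {route_for(dest, tunnel)}")
```

Any destination that comes back as "direct" leaves the device outside the tunnel, so the list is worth re-checking whenever an internal resource moves to a new subnet.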

Productivity by design

Our first release, URL-based split tunneling for Browser Extension, offered flexibility by leaving certain domains unencrypted while encrypting the rest of the traffic. Now, with IP-based split tunneling for desktop and mobile apps, we're taking it a step further, allowing organizations to pinpoint exactly which IP addresses require encryption.

The beauty of our twofold approach lies in the different strategies employed. URL-based split tunneling creates exceptions by excluding specific domains, while IP-based split tunneling includes only specified IP addresses for a more targeted encryption process. Together, they form the foundation of our VPN split tunneling feature, enhancing network efficiency, reducing congestion, and optimizing bandwidth usage.

We understand that network security can be complex, and our goal is to provide organizations with the tools they need to navigate it with confidence. Our innovative duo of URL-based and IP-based split tunneling increases flexibility, allowing our customers to customize their network security according to their needs.


Head of Product

