At NordLayer, we understand the need for network flexibility, and we're excited to introduce our latest innovation: IP-based split tunneling. This new release is a major advancement, building upon our URL-based split tunneling feature and opening new doors for our customers' network security and performance.
With IP-based split tunneling, we're introducing a more tailored approach to network traffic management. This sophisticated method allows organizations to selectively encrypt network traffic by specifying IP addresses or subnets, ensuring sensitive data transmitted to and from those addresses remains secure and private. By separating encrypted and unencrypted traffic, we help organizations strike a delicate balance between robust security measures and uninterrupted internet performance.
What problem does IP-based split tunneling solve?
IT administrators often face the challenge of balancing network security with optimal performance. NordLayer's IP-based split tunneling solves this dilemma by enabling selective encryption of traffic for specific IP addresses or subnets.
Additionally, IP-based split tunneling addresses the issue of managing organization-specific network requirements. With the ability to encrypt only designated traffic, admins can tailor network security to meet changing needs—such as a growing organization or industry-specific compliance requirements—ensuring that critical resources are protected while adapting to dynamic organizational demands.
Pair IP-based split tunneling with granular access control rules enforced through NordLayer Cloud Firewall and you have yourself an unprecedented private resource access solution that meets ever-changing business needs.
Feature characteristics: what to expect
IP-based split tunneling brings benefits to IT admins and end-users alike. Admins gain centralized control and improved network management capabilities, while employees experience seamless internet performance.
The key advantages of IP-based split tunneling revolve around enhanced productivity and performance:
Optimized internet performance: By selectively routing only specific subnets through the VPN tunnel, organizations can alleviate bandwidth limitations and bottlenecks. Regular internet traffic doesn’t need to be tunneled through the NordLayer gateway, resulting in improved overall network performance.
Enhanced VPN performance: With split tunneling enabled, employees can effortlessly access company resources and regular internet services, printers, and other local network devices alike, remaining unaware of the underlying security configurations.
Flexibility & control: By excluding non-essential traffic from the VPN tunnel, organizations can achieve better performance for applications and services that don’t require encryption, such as SaaS or VoIP services from globally trusted providers.
Security & risk mitigation: IP-based split tunneling enables organizations to balance security and functionality by directing critical internal systems through a VPN and allowing less sensitive web browsing traffic to bypass encryption while keeping the protective layer on through the use of NordLayer’s Secure Internet Access features.
How does IP-based split tunneling work?
IP-based split tunneling is a strategic feature that selectively secures parts of your network traffic. IT administrators can configure specific IP addresses or subnets for encryption, ensuring that only those specified addresses are routed through secure VPN servers.
This targeted encryption approach strikes the perfect balance between security and performance—your sensitive data remains protected without any impact on the speed of web browsing.
Each dedicated server can be configured with up to 16 CIDRs at a time and there is no limit to how many servers can be used in a single Virtual Private Gateway.
Configuring split tunneling is straightforward and accessible with our Core and Premium subscription plans. This feature is particularly useful for Premium subscribers who can use the Site-to-Site capability to access private network subnets through the NordLayer gateway.
To enable this feature, follow these simple steps:
Select Servers and then choose Configure from the options presented
From the dropdown menu, select Split Tunneling
Input the desired IP addresses and subnets you wish to tunnel through NordLayer
By specifying these addresses, you ensure that only the designated traffic uses the NordLayer tunnel, while other traffic utilizes the direct internet route.
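Before entering ranges in the panel, the list can be checked offline. The sketch below is an added example, not NordLayer code: it enforces the 16-CIDR-per-server limit mentioned above, rejects malformed entries, flags subnets claimed by two servers, and shows which destinations would be tunneled or sent direct. The server names, the sample ranges and the most-specific-prefix rule for overlapping entries are assumptions.

```python
import ipaddress
from itertools import combinations

MAX_CIDRS_PER_SERVER = 16  # per-server limit stated in the article

def parse_gateway(config):
    """Validate {server: [cidr, ...]} and return {server: [ip_network, ...]}."""
    parsed = {}
    for server, entries in config.items():
        if len(entries) > MAX_CIDRS_PER_SERVER:
            raise ValueError(f"{server}: {len(entries)} CIDRs, limit is {MAX_CIDRS_PER_SERVER}")
        # strict=True rejects entries with host bits set (e.g. 10.0.0.5/24),
        # a common typo that would otherwise silently change the tunneled range.
        parsed[server] = [ipaddress.ip_network(e, strict=True) for e in entries]
    return parsed

def audit(parsed):
    """Return findings: default routes and subnets claimed by two servers."""
    findings = []
    claims = [(s, n) for s, nets in parsed.items() for n in nets]
    for server, net in claims:
        if net.prefixlen == 0:
            findings.append(f"{server}: {net} tunnels everything (no split)")
    for (s1, n1), (s2, n2) in combinations(claims, 2):
        if s1 != s2 and n1.overlaps(n2):
            findings.append(f"overlap: {s1} {n1} / {s2} {n2}")
    return findings

def route_for(parsed, destination):
    """Return the server that tunnels `destination`, or 'direct'."""
    addr = ipaddress.ip_address(destination)
    matches = [(n.prefixlen, s) for s, nets in parsed.items() for n in nets if addr in n]
    # Assumption: most specific prefix wins, as in an ordinary routing table.
    return max(matches)[1] if matches else "direct"

# Constructed sample configuration (server names and ranges are illustrative).
SAMPLE = {
    "server-a": ["10.20.0.0/16", "192.168.50.0/24"],
    "server-b": ["10.20.30.0/24", "172.16.0.0/12"],
}

if __name__ == "__main__":
    gw = parse_gateway(SAMPLE)
    for finding in audit(gw):
        print(finding)
    for dest in ("10.20.30.7", "10.20.1.1", "8.8.8.8"):
        print(dest, "->", route_for(gw, dest))
```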
Productivity by design
Our first release, URL-based split tunneling for Browser Extension, offered flexibility by leaving certain domains unencrypted while encrypting the rest of the traffic. Now, with IP-based split tunneling for desktop and mobile apps, we're taking it a step further, allowing organizations to pinpoint exactly which IP addresses require encryption.
The beauty of our twofold approach lies in the different strategies employed. URL-based split tunneling creates exceptions by excluding specific domains, while IP-based split tunneling includes only specified IP addresses for a more targeted encryption process. Together, they form the foundation of our VPN split tunneling feature, enhancing network efficiency, reducing congestion, and optimizing bandwidth usage.
We understand that network security can be complex, and our goal is to provide organizations with the tools they need to navigate it with confidence. Our innovative duo of URL-based and IP-based split tunneling increases flexibility, allowing our customers to customize their network security according to their needs.
Andrius Buinovskis
Head of Product
Andrius Buinovskis, Head of Product at NordLayer, began his IT journey in the early ’90s when he exclusively experienced the thrill of technology by accidentally deleting and then reinstalling Windows on his own PC. Since then, his passion for IT has grown, leading him to specialise in developing IT services across diverse industries, including banking, telco, aviation, and cyber defence. At NordLayer, Andrius is now deeply involved in strategising and leading the product development agenda, further trailing his mark in cybersecurity.