Skip to main content

About Internet Access Configuration

Abstract

The Internet Access section allows you to view, filter, search, and edit the route internet traffic takes for User Groups, Networks, and Hosts connected to CloudConnexa.

Use the Internet Access section to centrally manage how internet traffic is routed for user groups, networks, and hosts connected to CloudConnexa.

From this page, you can:

  • View and manage internet access settings in one place.

  • Control whether internet traffic is tunneled through CloudConnexa or routed locally.

  • Restrict internet access entirely.

  • Assign specific internet gateways for internet-bound traffic.

How internet traffic is handled

CloudConnexa separates traffic into two categories:

  • Private and trusted traffic — Traffic destined for private resources, applications, or IP services configured in your WPC.

  • General internet traffic — All other internet-bound traffic.

Trusted internet destinations configured as applications or IP services are always routed through CloudConnexa, even when Split Tunnel is enabled.

Note

Any internet destinations (domain names or IP subnets) configured as applications or IP services are considered trusted internet traffic and are always tunneled through CloudConnexa.

Internet access modes

Internet access can be configured separately for user groups, networks, and hosts. The sections below detail the options available and provide suggested use cases for each.

For additional details about security levels, refer to:

Tip

User Groups with Split Tunnel Off or Restricted Internet can use Tunnel Bypass to route specific destinations directly to the local network gateway, bypassing the CloudConnexa tunnel, while all other traffic remains tunneled. Refer to About Tunnel Bypass.

Split tunnel on (level-1 security)

Private and trusted traffic is tunneled through CloudConnexa. All other internet traffic uses the local internet connection.

Use this mode when:

  • You want optimized internet performance.

  • Only private or trusted resources need secure routing.

  • You want to minimize bandwidth usage through CloudConnexa.

Split tunnel off (level-2 security)

All traffic, including general internet traffic, is tunneled through CloudConnexa.

Internet traffic exits through configured internet gateways.

Use this mode when:

  • You want to inspect or control all internet traffic.

  • Users need internet traffic to appear to originate from corporate locations.

  • You require centralized internet routing and security controls.

Restricted internet (level-3 security)

Private and trusted traffic is tunneled through CloudConnexa. All other internet traffic is blocked.

Use this mode when:

  • Users should only access approved resources.

  • You want to block general internet access.

  • You require strict access controls for managed environments.

About internet gateways

When split tunnel is off, all internet traffic is routed through CloudConnexa instead of using the user's local internet connection.

To allow that traffic to reach the internet, you need to configure at least one connected network as an internet gateway. An internet gateway network acts as the exit point to the internet for traffic routed through CloudConnexa. Without an internet gateway configured:

  • Users can't access general internet destinations when split tunnel is off.

  • Only private and trusted traffic within CloudConnexa remains reachable.

Refer to:

Tip

Multiple networks can be configured as internet gateways.

CloudConnexa automatically selects the optimal internet gateway based on:

  • The source region.

  • Network performance characteristics.

  • Connector availability.

For example:

  • Traffic from users connected near Los Angeles may use an internet gateway in San Jose.

  • Traffic from users connected near Ashburn may use an internet gateway in Chicago.

Constrain internet gateway selection

You can override CloudConnexa's automatic routing behavior by assigning specific internet gateways to user groups, networks, or hosts. This can help you:

  • Create deterministic routing policies for teams or departments.

  • Distribute internet traffic across multiple gateways.

  • Route users through gateways with specific security controls or compliance requirements.

  • Optimize bandwidth usage and geographic routing behavior.

Tip

You can assign one or more internet gateways per user group, network, or host.

If multiple internet gateways are available, CloudConnexa automatically selects the optimal route among the permitted gateways.

In this section:
See also: