Enterprises often provide a virtual private network (VPN) gateway or capability for remote devices to access the internal enterprise network across an insecure or untrusted network (e.g. the Internet). The VPN can allow for a remote device to access services and sites normally only available to devices physically connected to the internal enterprise network. The VPN can also allow for the remote device to route its traffic to third-party services and sites through the enterprise network, allowing for requests from the remote device to appear to originate from the enterprise network rather than the remote device.
Remote devices can be configured to connect to the VPN and send all traffic through the VPN. However, some network traffic can be inappropriate to route through the enterprise network. For example, an enterprise might not want streaming media applications to route traffic through the enterprise network over a VPN in order to avoid wasting bandwidth. However, an enterprise might want some network traffic to always be routed through the VPN, such as email traffic, in order to provide increased security for such network traffic.