SD-RED 20 SPLIT mode not working

You mean the RED tunnels everything? What kind of traffic appears on the XG? 

You mean the RED tunnels everything? What kind of traffic appears on the XG? 

Yes, just like it route everything through it as in UNIFIED mode, but it is running SPLIT and I only have LAN 192.168.x.x/24 i split networks.

XG:

Firewall log shows only that my RED-Subnet is going to the other LAN based services, no public ip here.

SSL log shows my red subnet connecting to public ip's but "Do not encrypt" is shown.

There is no need to do a NAT rule on the XG when in SPlit mode right?

Split means, all the HTTP/s Traffic to the internet will be routed directly from RED. The rest will send to the XG. 

DPI Engine can decrypt all kinds of traffic. Check the SSL logviewer, if this is port 443 traffic or non related HTTPs log. 

Sorry for the delay, have one week off at the moment :-)

I have tried to disable SSL/DPI also,if I do "myip" I get the public IP of the XG and not the one behind the RED, as like the RED runs in standard unified mode.

Do you use a standard proxy on the client? You could verify the traffic by using packet capture (webadmin or CLI) on the XG to check, if the RED Interface sees 443 traffic or not. 

No not at all.

Just got the issue resolved:

- Was using unified RED firmware

- Deactivated unified firmware = split tunnel works now

- Activated unified RED firmware again = spilt tunnel still works.

- Rebooted XG = split tunnel kept working.