Hi. We've been running a Sophos UTM Remote Access SSL VPN for a few years now with no problems. With so many users now working from home we're finding that Windows patching is not ideal over the VPN and the recommendation is to move to a Split-tunnel configuration. This would allow clients to update directly via the internet rather than from the on-prem SCCM server.
My question is therefore, how easy is it to move to split-tunneling from full tunneling? Ideally I would like to leave the full tunnel but have an exception for say the Microsoft IPs but suspect this is not possible. I'm thinking it might be a case of removing the ANY setting in the Local Networks on the VPN Profile and adding in all the networks we still want to have on the VPN and accept that the rest will go directly. Does that sound like the only option?
I'm also not clear if there would need to be any change on the client side (Sophos OpenVPN client used)?
Thanks
This thread was automatically locked due to age.
