Mixed split tunnel over SSLVPN

I have a few users that need to connect to a client's websites (ports 80 and 443) when connected via VPN. The client is only allowing access from our corporate network, and since SSLVPN is using split tunneling, they are not allowed to connect when not in the office. I need to know how to configure the firewall so traffic to the client routes over the corporate internet connection rather than my users' local internet connection.



This thread was automatically locked due to age.
  • Hi, Jamie, and welcome to the UTM Community!

    You're going to see how elegant solutions can be with WebAdmin.  There are two easy approaches:  Choose the first if everyone with access to your existing Profile should also be able to reach the client's website.  Choose the second if only a few people should also be able to reach it.

    1. In the SSL VPN Remote Access Profile, add a DNS Group for the client's FQDN to 'Local Networks'.  That might include "Internal (Network)" and {www.client.com}.
    2. Create another Remote Access Profile for the few people with a DNS Group for the client's FQDN in 'Local Networks'.  That would include only {www.client.com}.

    These Profiles are additive, so if you use the second approach and the few people are already in the pre-existing Profile, they will still have access to the 'Local Networks' in that Profile.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
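
To check the result from a connected client, the sketch below (an added example, not part of the original reply and not Sophos code) applies longest-prefix matching to a routing table to show which addresses of the client's site would leave through the tunnel. It assumes the profile's 'Local Networks' entries reach the VPN client as routes via the tunnel interface; the interface names, routes and addresses are constructed sample data.

```python
import ipaddress

def egress_interface(dest, routes):
    """Longest-prefix match: return the interface of the most specific route covering dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for cidr, iface in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def audit(resolved, routes, tunnel_iface="tun0"):
    """Map each resolved address to True if it will egress through the VPN tunnel."""
    return {ip: egress_interface(ip, routes) == tunnel_iface for ip in resolved}

# Constructed sample: client routing table with only "Internal (Network)" in the profile.
BASE_ROUTES = [
    ("0.0.0.0/0", "wlan0"),       # user's local internet connection
    ("192.168.1.0/24", "wlan0"),  # user's home LAN
    ("10.0.0.0/24", "tun0"),      # Internal (Network) via the SSL VPN
]

# Constructed sample: extra routes after the DNS Group for www.client.com is added
# (assumption: one host route per address the gateway resolved for the name).
DNS_GROUP_ROUTES = [
    ("203.0.113.10/32", "tun0"),
    ("203.0.113.11/32", "tun0"),
]

# Constructed sample: addresses the user's machine resolves for www.client.com.
# The last one stands for an address that is not covered by any tunnel route.
RESOLVED_NOW = ["203.0.113.10", "203.0.113.11", "198.51.100.7"]

if __name__ == "__main__":
    for label, table in (("before", BASE_ROUTES), ("after", BASE_ROUTES + DNS_GROUP_ROUTES)):
        print(label)
        for ip, via_tunnel in audit(RESOLVED_NOW, table).items():
            print(f"  {ip:15} -> {'tunnel' if via_tunnel else 'local internet'}")
```

Any address reported as "local internet" would reach the client's site from the user's own connection and be refused by the client's allow list.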