I tried setting up an SSL VPN tunnel for the first time. It seems to work as expected in "split tunnel" mode, where I can see devices on my internal network and also see websites on the Internet.
What I want to do is route all network traffic through the VPN tunnel and then out the UTM external interface, relying on the UTM for DNS services. This is called full tunnel mode (aka mandatory tunnel mode).
Full tunnel mode does not work, and I am stumped. I have tried a lot of changes, but none of them makes a difference. I can see and connect to systems on the internal network LAN, but outbound connections to the Internet are not working.
Here are some things I tried that DID NOT WORK:
- Changed "Local Networks" to "Any" (or similar, e.g., Any IPv4).
- Changed "Local Networks" to both Internal (Network) and Internet IPv4
- Added VPN Pool (SSL) to Network Services, DNS, Allowed Networks.
- Added VPN Pool (SSL) to Sources in several Network Protection, Firewall entries, including DNS and Web Surfing,
- Edit: Added VPN Pool (SSL) to Allowed Networks in Web Filtering (but forgot to mention it until I read Bob's note below).
I think I must be missing something obvious, but I am stumped. Can you help? Has anyone else succeeded in setting up a mandatory tunnel? Should I be using a different VPN protocol for remote access (e.g., Cisco VPN Client)?
First step: What do you suggest to get an SSL VPN mandatory full tunnel working?
This thread was automatically locked due to age.
