Force specific websites through VPN tunnel?

We utilize Azure for a number of things, one of which is housing certain databases and applications. Folks who work remotely and use the VPN to access our internal resources are not able to access these Azure resources because of IP filters we have in place to keep extra traffic out. Because Azure is a publicly reachable address, clients on the Sophos VPN client automatically route to those public addresses rather than through our corporate network, which in turn doesn't allow them to connect because of the whitelist connection filters we have in place in Azure. Is there a way to route only the Azure addresses through the VPN, and continue to allow other public DNS traffic to continue to route to the individual user's ISP? I'd rather not route ALL traffic through the VPN if possible, as this creates too big of a bandwidth bottleneck, and I don't want to go whitelisting random IPs given from an ISP at a user's home or cafe either. Thanks.

  • Hi  and  

    Thank you for providing in-depth details of the scenario.

    1. Get the A records of all the URLs/domains you want to access through the VPN.

    2. I assume that you are using SSL VPN remote access.

    3. Please add all those A record IP addresses to SSL VPN >> Tunnel Access >> Permitted network resources (IPv4).

    4. Ask the SSL VPN user to reimport the configuration of the SSL VPN remote site.

    5. All the new IPs added in the configuration will be pushed, and those routes will be added on the user's system.

    6. If the user system's DNS resolves the same A record, the traffic will be sent to the tunnel instead of the local ISP gateway of the user system.

    7. Resources would be accessible through the tunnel, and the rest of the Internet traffic will be forwarded through the user's local ISP gateway.

    Please try the above steps and let us know.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support
    Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link
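
Added example, not part of the reply above and not Sophos tooling: a check for the condition in step 6, reporting hostnames whose current A records are not covered by the permitted network resources list and would therefore leave through the user's ISP gateway. The hostnames, addresses, function names, and the assumption that list entries are single IPs or CIDR ranges are all constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample data: placeholder hostnames and documentation-range
# addresses, not real Azure values. Entries are assumed to be IPs or CIDRs.
PERMITTED = ["203.0.113.10", "203.0.113.11", "198.51.100.0/28"]
SAMPLE_DNS = {
    "db.example.net": ["203.0.113.10"],
    "app.example.net": ["198.51.100.5", "192.0.2.77"],  # second record not permitted
}

def system_resolver(host):
    """Return the IPv4 A records the local resolver gives for host."""
    infos = socket.getaddrinfo(host, None, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def sample_resolver(host):
    """Offline stand-in for DNS using the constructed SAMPLE_DNS table."""
    return SAMPLE_DNS[host]

def check_tunnel_coverage(hosts, permitted, resolver=system_resolver):
    """Map each host to the resolved IPs that no permitted entry covers.

    An uncovered IP gets no pushed route, so that connection uses the
    user's ISP gateway and is rejected by the IP filter on the Azure side.
    """
    networks = [ipaddress.ip_network(p, strict=False) for p in permitted]
    uncovered = {}
    for host in hosts:
        try:
            addrs = resolver(host)
        except (socket.gaierror, KeyError):
            uncovered[host] = ["<unresolved>"]
            continue
        missing = [a for a in addrs
                   if not any(ipaddress.ip_address(a) in n for n in networks)]
        if missing:
            uncovered[host] = missing
    return uncovered

if __name__ == "__main__":
    gaps = check_tunnel_coverage(SAMPLE_DNS, PERMITTED, resolver=sample_resolver)
    for host, addrs in gaps.items():
        print(f"{host}: not routed through tunnel -> {', '.join(addrs)}")
```

Run with the default resolver from a machine that uses the same DNS as the VPN users; a non-empty result means the permitted list needs updating and users need to reimport the configuration.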