
SSL VPN - split tunnel but redirect specific request

Hi
We are using XG for its SSL VPN into our office network.

Staff can get to the fileservers which are really the only resource needed internally.

Because of this, we are using the 'split tunnel' option so that staff's regular internet surfing, etc. goes through their own Internet connection instead of being encrypted in and out of the office. This works as expected.

However, there is a web server (on the public Internet, not in the office) that has been configured by a third party to only allow access from our office network IP. It hosts a custom application and the security is such that this IP restriction is considered necessary.

With our current configuration, staff can't access this web server because it sees their requests coming from their home IP addresses.

Is there a way to configure XG so that https:// requests for that particular web server ONLY (from a user's home when on the VPN) will appear to come from the office?
Unlike the file servers, it isn't an internal resource within the office.

I'm just the helpdesk guy and this isn't really my thing, but surely it should be possible, rather than re-directing everything through the VPN just for that one web address?

Any pointers gratefully received.

  • Hi  

    We may try the workaround below to achieve your requirements.

    Please add the IP address of the website/webserver under "Permitted network" in the SSL VPN configuration.

    Please reimport/reinstall the client; it will push routes to the local machine so that traffic for the website IP is sent through the SSL VPN tunnel.

    In the XG firewall, create a VPN to WAN firewall rule with NAT (MASQ) so traffic will be sent out from the firewall instead of from the home user.

    If it does not work, then you will require a full tunnel.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support
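What the pushed route from the workaround above does on a remote client, as an added example that is not part of the thread and not Sophos code: a longest-prefix-match lookup over a constructed routing table, before and after the web server's address is added as a permitted network. The interface names (`wifi`, `tun0`), all addresses, and the case of a hostname resolving to two addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of a remote client's routing table while connected.
# All addresses are placeholders (RFC 1918 / RFC 5737), not from the thread.
ROUTES_BEFORE = [
    ("0.0.0.0/0", "wifi"),        # home ISP default route, kept by split tunnel
    ("192.168.1.0/24", "wifi"),   # home LAN
    ("10.10.0.0/16", "tun0"),     # office LAN, pushed as a permitted network
]
# After the web server's IP is added to the permitted networks and the client
# configuration is reimported, a host route for it is pushed as well.
ROUTES_AFTER = ROUTES_BEFORE + [("203.0.113.25/32", "tun0")]


def egress_interface(dest, routes):
    """Return the interface chosen by longest-prefix match for dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def bypassing_tunnel(addresses, routes, tunnel="tun0"):
    """Addresses that would still leave via the home connection."""
    return [a for a in addresses if egress_interface(a, routes) != tunnel]


if __name__ == "__main__":
    # Assumed: the hostname resolves to two addresses, only one was permitted.
    resolved = ["203.0.113.25", "203.0.113.26"]
    print("before:", egress_interface("203.0.113.25", ROUTES_BEFORE))
    print("after: ", egress_interface("203.0.113.25", ROUTES_AFTER))
    print("still via home ISP:", bypassing_tunnel(resolved, ROUTES_AFTER))
```

Any address reported by `bypassing_tunnel` would reach the web server from the user's home IP, so every address the hostname resolves to has to be covered by a permitted network.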

  • Thanks Keyur

    I will ask the network guy to try this... (he's not as convinced as me it is possible) - it is his job, I know, but I'm trying to keep the user happy.

    At the back of my head I keep thinking "It is a router... we must be able to make a route that we want"

    Thanks again

    Charlie
