IPsec Remote Access VPN - Force specific traffic through VPN

I reviewed this

Force specific websites through VPN tunnel? 

This works for SSL VPN.  However adding a host IP under IPsec Remote Access does nothing.  Also cannot add an FQDN host under IPsec Remote Access under v20.

Is there any way to get this to work on an IPsec VPN or should I submit a feature request?



Edited TAGs
[edited by: Erick Jan at 4:23 AM (GMT -7) on 15 Apr 2024]
  • FQDN Host support is not available for IPsec Remote Access. Adding an IP Host/Network in "Permitted Network Resources" is supported, but the scx file has to be re-downloaded on the remote end. If you are using a .pro file on the remote end, then the connection needs to be updated. In SSLVPN, only reconnection is needed.

  • The scenario is the customer has a hosted service that's only accessible from their office locations.  To give mobile users access, we need the traffic to first be routed through their IPsec VPN before egress to the internet.

    I added the IP to the Permitted Network Resources for IPsec Remote Access and downloaded a new SCX file.  Traffic still goes out the internet instead of IPsec VPN.  I configured the SSL VPN and that works just fine.

    Are you suggesting that this "should" work with IPsec VPN?

    Sophos Firewall Engineer 16.0, 16.5, 17.0, 17.1, 17.5, 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Firewall Architect 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Firewall Technician 18.0, 18.5, 19.0, 19.5, 20.0
    Sophos Central & Endpoint Architect 3.0, 4.0
    Sophos Central Email v2.0
    Sophos Mobile v9.6
    Sophos ZTNA 1.0, 2.0
    Synchronized Security Accredited
    Sophos Gold Partner
