Nur den SSL-Client für Ingternetzugriff zulassen, den restlichen Verkehr sperren

Question

Hallo zusammen, 
 
 ich setze bei uns 2 VPN-L&ouml;sungen ein. Zum Einen den PPTP-Client (Windows integriert) und den Sophos SSL-Client. 
 Beim PPTP-Client wird automatisch am Client der restliche Verkehr Richtung Internet geblockt, beim SSL-Client zugelassen. 
 Gibt es eine M&ouml;glichkeit den SSL-Client so zu konfigurieren dass der Verkehr wie bei PPTP-Client geblockt wird? 
 
 Gru&szlig; 
 swirfel

apijnappels · Accepted Answer

If you want to completely block internet traffic for the SSL-VPN client you can include Internet IPv4 and/or IPv6 in your VPN local networks configuration so all traffic outside the local LAN from this VPN-client is sent to the UTM. Then you can make a firewall rule to allow what needs to be accessed and make sure auto firewall rule for the SSL VPN is not enabled. Also you might not want to have a masquerading rule for SSL pool => External. You would also leave SSL pool from the web filtering allowed networks so they also cannot use the proxy for web browsing. In that case all traffic is sent to UTM but internet traffic is dropped. 
 If you do want internet access but you want it controlled and checked by the UTM also include Internet IPv4 and/or IPv6 in the VPN local networks so all traffic is again sent to the UTM. Then either use the VPN pool to the allowed networks for web filtering to allow usage of the web filter (and/or configure a masquerading rule for VPN pool => External for direct access to the internet through the UTM).

apijnappels · Answer

See this picture, you can do this from the UTM. 
 In my case I use a group to determine who gets this.