
SSL VPN and SFTP traffic redirection

Hello all,


I'm running into an issue where SSL VPN users who use FileZilla to SFTP transfer files are not able to do so while out of the office. Our partner's SFTP setup only allows access to their servers from our internal site, which has a site-to-site VPN tunnel established.

For example:

Working

Internal User (LAN) ==> FileZilla SFTP ==> Partner Server

 

Not Working

User Working from home ==> SSL VPN to Sophos SG ==> Same FileZilla SFTP client ==> Partner Server rejects the connections as not an auth'd IT

 

I know it is because FileZilla (or any other traffic but internal access requests while VPN'd) will show as coming (and goes out via) from the user's IP /  and be blocked.  

 

How do I force FileZilla (or any other traffic we deem necessary) to go through our internal network? As there are many users, anything server side that can be done? Do I have to set up a proxy? Would WebFiltering for VPN users work (or even be possible?)?

 

-Dave 



  • Hi  

    Have you added the Partner Server network in Local Networks? I suggest you add it there and then also create a Masquerading rule for the SSL VPN network going to the Internet using the Specific ISP you want. Also, make sure that you don't add the SSL VPN Network in Web Filtering. This way, once a client connects to SSL VPN, it will create a route for the Server network going through UTM.

    Hope this helps.

    Regards

    Jaydeep
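
A way to check the split-tunnel behaviour this reply relies on, as an added example that is not part of the original thread: it models the VPN client's routing table with and without the partner network among the routes created from Local Networks, and picks the egress interface by longest-prefix match. All addresses, interface labels and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (private/documentation ranges), not from the thread.
PARTNER_SERVER = "198.51.100.25"   # hypothetical partner SFTP server
HOME_IF = "home-isp"               # label for the user's own internet uplink
VPN_IF = "ssl-vpn"                 # label for the SSL VPN tunnel adapter


def client_routes(local_networks):
    """Model the remote client's routes: a default route via the home ISP
    plus one tunnel route per network listed in Local Networks (assumption:
    each listed network becomes a route on the client, as the reply says)."""
    routes = [("0.0.0.0/0", HOME_IF)]
    routes += [(net, VPN_IF) for net in local_networks]
    return routes


def egress_interface(dest, routes):
    """Return the interface chosen for dest using longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise ValueError(f"no route to {dest}")
    return best[1]


# Before: only the internal LAN is in Local Networks, so SFTP to the partner
# leaves through the user's home connection and arrives from the home IP.
before = client_routes(["10.10.0.0/16"])

# After: the partner network is added, so the same connection enters the
# tunnel and is forwarded (and masqueraded) by the firewall instead.
after = client_routes(["10.10.0.0/16", "198.51.100.0/24"])

if __name__ == "__main__":
    for label, routes in (("before", before), ("after", after)):
        print(f"{label}: {PARTNER_SERVER} -> {egress_interface(PARTNER_SERVER, routes)}")
```

On a connected client, the same question is answered by inspecting the real routing table for an entry covering the partner server's address that points at the VPN adapter.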
