Split tunnel only for certain REDbox clients

Howdy folks. I have some hardware at offsite locations that use the Sophos RED box to tunnel into our main network. Lately one of our engineers has been asking to allow ONE of these offsite network clients to connect directly to the WAN. It seems that split tunnel mode on the RED box is what we are looking for. However, we don't want to open all of these devices directly up to the internet for security reasons. Just one.

Is there a way to manually whitelist certain clients of the RED box to talk directly to the WAN, instead of going through the tunnel and then out like it normally does?

Or, failing that...

Is there a way to whitelist certain WAN IPs that are OK to directly communicate with?


Please be specific, I'm not an expert on UTM9. Thank you very much.

  • I don't think so, as this setting is done on the RED level and not on a per-device level.

    So traffic has to pass through the UTM. But what is the problem, bandwidth?


  • Disaster recovery. We want certain RED clients to be able to talk out to the cloud in the event the tunnel connection is severed. For example, if the office burned down. Or the UTM failed. Or the network connection at the office failed. But I don't want all of the RED box's clients to go directly to the WAN for security reasons. Just one, really.

    Maybe there's some custom routing rule buried somewhere? Being able to specify a physical LAN port on the RED to go to the WAN would work too.
