Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 21 replies
  • Subscribers 2 subscribers
  • Views 17236 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RED & Split Tunneling

FormerMember
FormerMember
Hi there,

my english is not so good, but I hope you understand me.

We have in our headquarter a ASG220 UTM 9 in use and in our branch office a RED 10.

Now I have not found too much on "Split Tunneling" or nothing, indicating my scenario.

I would minimize the Internet traffic running through the tunnel. The Internet traffic should directly via the Internetrouter, which ist in the branch office.

I already know that it will work - but I'm still a little hesitant when it comes to security.

If the 3-4 clients in the branch office go directly there on the internet, they have no security protection, right? Is our network in the headquarter then vulnerable to attack?


This thread was automatically locked due to age.
Parents
  • 0
    With RED, you cannot do Policy Routes.  If, for example, you want SSH traffic to 62.72.82.92 to go direct but SMTP traffic to the same IP to go via the tunnel, then you need Umpf's solution - another, small UTM.

    It would work well for the small office to use Web Filtering in the HQ 220 via a full-tunnel RED connection - again, their download speed would be limited by the upload speed of the HQ WAN connection.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    With RED, you cannot do Policy Routes.  If, for example, you want SSH traffic to 62.72.82.92 to go direct but SMTP traffic to the same IP to go via the tunnel, then you need Umpf's solution - another, small UTM.

    It would work well for the small office to use Web Filtering in the HQ 220 via a full-tunnel RED connection - again, their download speed would be limited by the upload speed of the HQ WAN connection.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML