
SSL VPN Split tunneling - when enabled I can't access my internal network.

Hi,

I have a Sophos UTM set up as a VPN server. Everything is working fine - I can RDP and access my servers in the internal network. Due to a compliance issue, I need to disable split-tunneling. However, when I disable split-tunneling by changing Remote Access>SSL>Local networks>Any, I can't access my servers in the internal network. I still have my internal network listed in Local Networks. What configuration do I need to add so I can access my servers in the internal network?

Thanks

Eddie



  • Here are my network IPs:

    VPN Pool (SSL)- 10.242.2.0/24
    Internal Network - 10.100.16.0/20

  • FormerMember in reply to eddiejk

    Hi,

    Have you tried to download the new configuration after making a change to the Remote access profile? 

    If you configure a full tunnel SSL VPN, you would need a firewall rule for the SSL VPN network and an MASQ rule to access the internet.

    Thanks, 

  • I have a firewall rule that was created by the SSL VPN profile. Do I need to create one for VPN Pool (SSL) to access the Internet? I created a MASQ rule for VPN Pool (SSL) so it can access the Internal network.

  • Hi Eddie and welcome to the UTM Community!

    The "Any" object gives strange results in several places.  Try:

    If you don't want to allow all access, then you will want to de-select 'Automatic firewall rules' and make your own.  You might also want to add "VPN Pool (SSL)" to 'Allowed Networks' in Web Filtering.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    I added Internet IPv4 instead of Any and put my internal networks, but I still can't access my servers.  Do you think I need to create the firewall rules?

    Thanks

    Eddie
