This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN & Proxy Settings

Hi Forum, 

i have set up SSL VPN succesfully for my customers. i want to let those remote users access the astaro proxy service via ssl vpn. i thought that it would be enough to have internet explorer settings with the proxy server configured, but IE ignores the proxy settings and accesses the internet directly. has anyone a clue how i can force IE to use the proxy server from astaro over the ssl vpn connection?

thanks in advance, 

regards

maik


This thread was automatically locked due to age.
Parents
  • xianx, there are several things:
      Add the "Internet" object to 'Local Networks' in the SSL VPN Profile.
    • Add the "VPN Pool (SSL)" object to 'Allowed networks' in 'Allowed networks' in Web Filtering.
    • Create a Masquerading rule 'VPN Pool (SSL) -> External'.
    • Add "VPN Pool (SSL)" to the firewall rules for "Internal (Network)" where you want the VPN users to have the same access.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • xianx, there are several things:
      Add the "Internet" object to 'Local Networks' in the SSL VPN Profile.
    • Add the "VPN Pool (SSL)" object to 'Allowed networks' in 'Allowed networks' in Web Filtering.
    • Create a Masquerading rule 'VPN Pool (SSL) -> External'.
    • Add "VPN Pool (SSL)" to the firewall rules for "Internal (Network)" where you want the VPN users to have the same access.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • i have a similar issue and I am trying to set this up but I am running into an issue add the "internet" object to 'Local Networks' in the SSL VPN Profile, when I drag and drop it does not stay.

  • If you don't have IPv6 activated, you can't drag an object that uses v6 into 'Local Networks'.  I just tried this with the "Internet" object and had no problem, so you may need to use the "Internet v4" object.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you very much, this worked. I followed all the steps you advised below:

    • Add the "Internet" object to 'Local Networks' in the SSL VPN Profile.
    • Add the "VPN Pool (SSL)" object to 'Allowed networks' in 'Allowed networks' in Web Filtering.
    • Create a Masquerading rule 'VPN Pool (SSL) -> External'.
    • Add "VPN Pool (SSL)" to the firewall rules for "Internal (Network)" where you want the VPN users to have the same access.

    I am now able to access the internet through the vpn with the proxy server settings configured on the clients machine through gpo, also I have access to all internal networks, the only issue I am having now is that I am not able to access external networks 

     I have given users access to Internal Sites, Internet IPv4 and ExtraNet-Networks, but when trying to connect to sites/applications that go through the extranet it is not working. Any suggestions would be great. 

  • What are the ExtraNet networks and how are they reached?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • ExtraNet networks our External networks we have access to from a different company. 

    I was able to resolve the issue this morning I haven't had  a chance to revise my post. The resolution was to create a second masquerading rule for VPN Pool SSL -> ExtraNet-Networks, it is now working perfectly, thank you for all your help.