Force All Traffic Through Tunnel - Mobile VPN with IPSec

If we use this option for Mobile VPN with IPSec, none of the already defined rules on the firewall are applied to this traffic. As far as I can see, you must define all rules for this traffic again, and every change to the regular rules must also be applied to the Mobile VPN rules.

So why not just have an option to apply all rules to every Mobile VPN user as well, or an option on the rule to select a specific VPN group in the From field?

Comments

  • james.carson Moderator, WatchGuard Representative

    @CADFEM
    IPSec traffic is handled by the rules in the IPSec tab of Policy Manager, or the Mobile VPN w/ IPSEC area of WebUI under firewall policies. Normal firewall rules won't apply to it by design.

    If you want to make specific rules for that traffic other than the default, you'll need to make them in the IPSec tab.

    See this article for more info:
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ipsec/mvpn_ipsec_policy_config.html

    -James Carson
    WatchGuard Customer Support

  • Hello James,
    I know that I can define rules for Mobile VPN with IPSEC. If I route all traffic through the tunnel for security reasons, none of my already defined rules are applied to the traffic. All rules I want to apply to this traffic have to be defined again.
    It would be much more comfortable if already defined rules could also be applied to traffic from a specific MVPN group.

  • james.carson Moderator, WatchGuard Representative

    Hi @CADFEM
    You can do this with any of the other three VPNs (IKEv2, SSL, and L2TP).
    The older IPSec (IKEv1) VPN system is treated a bit differently, so you'll need to do them in that Mobile VPN with IPSEC tab, if that's the VPN you'd like to use.

    -James Carson
    WatchGuard Customer Support
