Mobile SSL VPN Force All Traffic but Teams and Phone system
Is there a way on the WatchGuard to force all SSL VPN traffic through the tunnel except for Teams and our phone system? Is there a way for it to bypass the full tunnel?
Thanks,
Comments
For SSLVPN, you can specify the destination IP addrs/subnets to be routed down the SSLVPN tunnels in the SSLVPN setup.
If the Teams & phone destination IP addrs/subnets are different than the resources that you want to access via SSLVPN, then yes.
I am replying to your message here - as it might be beneficial to others in the future.
"I am wondering how you would configure this on the firebox... Would I need to turn off the box that says force all Traffic through tunnel? Or how do I say that for a Specific IP to go direct to internet not use the tunnel?"
Yes, you unselect the "Force all client traffic through tunnel" check box, and add desired IP addrs/subnets in the "Specify allowed resources" list, or possibly select the "Allow all access to Trusted, Optional and Custom networks" radio button.
Note that doing this will stop general Internet access from using the SSLVPN tunnel, unless most Internet subnets (supernets) are added to the allowed resources list.
Currently there is no "allow all through tunnel except for" option - which would probably be the best for your case.
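The workaround mentioned in the last reply (adding supernets that cover the Internet minus the Teams and phone ranges to the allowed resources list) can be generated rather than worked out by hand. This is an added example, not code from the thread or from WatchGuard; the function names are hypothetical and the bypass subnets are constructed placeholders from the documentation ranges.

```python
import ipaddress

def routes_except(excluded, universe="0.0.0.0/0"):
    """CIDR blocks covering `universe` minus every network in `excluded`."""
    remaining = [ipaddress.ip_network(universe)]
    for item in excluded:
        ex = ipaddress.ip_network(item)  # raises ValueError if host bits are set
        kept = []
        for net in remaining:
            if not net.overlaps(ex):
                kept.append(net)                      # untouched by this exclusion
            elif net.subnet_of(ex):
                continue                              # entirely bypasses the tunnel
            else:
                kept.extend(net.address_exclude(ex))  # split around the excluded block
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))

def uses_tunnel(address, routes):
    """True if `address` falls inside one of the allowed-resource routes."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in routes)

# Constructed placeholders (RFC 5737 documentation ranges), not real Teams or PBX ranges.
BYPASS = ["198.51.100.0/24", "203.0.113.0/24"]

if __name__ == "__main__":
    routes = routes_except(BYPASS)
    for net in routes:
        print(net)
    print(len(routes), "entries")
```

Substitute the ranges published for your phone system and for Teams in `BYPASS`; each printed block is one entry for the "Specify allowed resources" list, and everything not excluded, including internal networks, stays inside the tunnel.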