Multiple SSL VPN's

I would like the ability to either create multiple SSL VPN configurations, or allow the advanced settings to be modified per SSL Group.

My issue is I have several users that need to use the VPN to login and clock in and out each day. I can make this work by forcing all traffic thru the VPN.

However IT does not need to have this ability forced on them, or they need access to different network resources than a regular user does,

I hope this makes sense.


  • Options

    You can have a group only for your your IT people who use SSLVPN, and have that group name on the From: of desired policies.

    The IT people also need to be members of the SSLVPN-Users group.

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @HRoberts

    This is a global setting, the best compromise I can suggest would be to use custom routes and include the IPs for the timeclock software you're using, which will force traffic to that service across the tunnel.

    Another solution would be to use a different VPN service for IT, such as IKEv2, and set that service up to be a split tunnel.

    The underlying service that runs SSLVPN (OpenVPN) doesn't support running the tunnels both ways on the same server, so adding an option like this is unlikely.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.