SSL VPN some traffic through VPN
Hello,
We're running an M200. Mobile Users connecting via SSL VPN. Split tunneling is activated.
We have a request that traffic to a certain IP has to be routed through the Firebox.
I put the remote IP in the SSL VPN settings.
In traffic monitor I can see traffic to this IP. However, the website does not open.
Putting a policy to allow traffic from Any to the VPN network doesn't help either.
Only traffic to a single remote IP over a single Port is necessary.
What do I have to configure?
Thank you.
Gemini
Best Answer
Turn on Logging on any policies which you think will allow this access so that you see access attempts in Traffic Monitor.
You can test this access using the SSLVPN client from behind the firewall.
Make sure that the Dynamic NAT settings still have the 3 private supernets and that one of them includes the SSLVPN virtual IP subnet.
5
Answers
The SSLVPN net was not in the DNAT settings.
Rarely is there a need to remove/modify the 3 default Dynamic NAT settings.
And, as you have seen, doing so can cause issues.
If prior to adding this entry, you only have the 3 default entries, then I don't see how adding this entry really helped here.
Got wrong IP from the Service Provider
Now it works like a charm.
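The Dynamic NAT check discussed in this thread, as an added example that is not part of the original posts and not WatchGuard code: it tests whether an SSL VPN virtual IP pool falls inside one of the Dynamic NAT source networks and reports which of the three private supernets are missing. The function name `audit_dnat` and all addresses are constructed for illustration; copy the real values by hand from the Dynamic NAT and Mobile VPN with SSL settings.

```python
import ipaddress

# The three private (RFC 1918) supernets referred to in the thread.
DEFAULT_SUPERNETS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def audit_dnat(dnat_sources, vpn_pool):
    """Check whether the VPN pool is source-NATed by a Dynamic NAT entry.

    dnat_sources: source networks of the Dynamic NAT entries (CIDR strings)
    vpn_pool:     SSL VPN virtual IP address pool (CIDR string)
    """
    pool = ipaddress.ip_network(vpn_pool, strict=True)
    sources = [ipaddress.ip_network(s, strict=False) for s in dnat_sources]
    same_family = [s for s in sources if s.version == pool.version]

    # Entries that contain the whole pool: every VPN client gets NATed.
    covering = [str(s) for s in same_family if pool.subnet_of(s)]
    # Entries smaller than the pool: only some VPN clients get NATed.
    partial = [str(s) for s in same_family
               if s.overlaps(pool) and not pool.subnet_of(s)]
    # Private supernets that are no longer present as entries.
    missing = [d for d in DEFAULT_SUPERNETS
               if ipaddress.ip_network(d) not in sources]

    return {
        "covered": bool(covering),
        "covering_entries": covering,
        "partial_entries": partial,
        "missing_defaults": missing,
    }


if __name__ == "__main__":
    # Constructed sample: the 192.168.0.0/16 entry was narrowed to one LAN.
    modified = ["10.0.0.0/8", "172.16.0.0/12", "192.168.1.0/24"]
    pool = "192.168.113.0/24"  # constructed sample VPN pool
    for name, entries in (("modified", modified), ("default", DEFAULT_SUPERNETS)):
        print(name, audit_dnat(entries, pool))
```

If `covered` is false, traffic from VPN clients leaves the external interface with its private source address, which matches the symptom of seeing the connection in Traffic Monitor while the site never loads.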