How can I allow SSLVPN users access to the Internet when using tunnel all mode?
10/14/2021 2,170 People found this article helpful 486,757 Views
Description
NetExtender or Mobile Connect in tunnel all mode forces all traffic to be routed over the SSL-VPN adapter. To allow your end users access to Internet over the UTM-SSLVPN, we will need to allow WAN Remote Access Networks (a network address object whose value 0.0.0.0 acts like a default route), and the Tunnel All option must be selected on the Client Routes page
The method below is appropriate when the administrator wants all of their NetExtender | Mobile Connect users to have their Internet access provided through the SSLVPN. Be sure that you are not overwhelming the Internet bandwidth at the location where the firewall is installed, as this traffic will be added to the other loads from inside the network.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
- Navigate to NETWORK | SSL VPN | Client Settings screen, configure Default Device Profile.
- Click on Client routes.
- On the Device| Local Users and Groups, configure SSLVPN Services group and under tab “VPN Access,” add the object WAN Remote Access Networks.
NOTE: No custom rules are needed on the Policy | Access Rules screen for this to work. You can see auto-added rules in the section SSLVPN to WAN.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
- Login to SonicWall management page.
- Navigate to SSL-VPN | Client Settings screen, configure Default Device Profile and click Client Routes tab.
- Select Enabled in Tunnel All Mode option.
- On the Users | Local Groups screen, configure SSLVPN Services group and under tab “VPN Access,” add the object WAN Remote Access Networks.
NOTE: No custom rules are needed on the Firewall | Access Rules screen for this to work. You can see auto-added rules in the section SSLVPN to WAN.
Related Articles
Categories
Was This Article Helpful?
YESNO