SSL-VPN

Depends on the configuration. If you use Default Gateway, you will get your IP of your Firewall. If you do not select Default Gateway, it will show your local client WAN IP. 

OK! Now say we have a task where in our Office ISP IP is binded with one website, this means that if a person is in Office can access that website, OK ? So is it possible that if the Default Gateway is in use and if user connecting from home PC using SSL-VPN will see office IP, can he access that website ?

You can use Default Gateway or you could bind the IP of this website to Split Tunnel. This could work, if the website uses a static IP on there End. 

You can use Default Gateway or you could bind the IP of this website to Split Tunnel. This could work, if the website uses a static IP on there End. 

The website is owned by our client so binding the IP of the website to Split Tunnel is not possible since it is his asset.

Yes as far as default gateway is concerned I think that is in our hands.

Thanks

Hi Manish Chawda: " bind the IP of this website to Split Tunnel" in the last comment - means you may add the Website Public IP in the accessible resources in SSL VPN. Due to this with the split tunnel as well when end-user connect SSL VPN traffic for that IP will come to firewall from end-user machine and on Firewall with VPN to WAN Rule and with required NAT action that website traffic will be allowed. (f Cx has multiple ISP on the XG side then may require the SD-WAN rule as well as per requirement).

I think whole think has now incorrect info. Client is having a website to which our office public IP is binded so that no one else can access the website except us. Now let me know how to make understand your above statement ?

Hi Manish Chawda Let us assume the below scenario:

Client website xyz.com hosted on outside IP x.x.x.x

Now they have allowed traffic for your office IP y.y.y.y and this y.y.y.y is terminated on XG and SSL VPN Is configured on this XG. In the SSL VPN accessible resources, you will add x.x.x.x IP with your XG LAN Network which you would like to allow to end-users once they connect to SSL VPN.

Due to these settings on XG SSL VPN, once the end-user connects SSL VPN with a split tunnel end system has a route for x.x.x.x IP( for client website xyz.com) over SSL VPN and traffic will come to XG when they will Browse it from a machine. Here as a source of the request is SSL VPN, it will be from source zone VPN and destination x.x.x.x are outside XG over WAN cloud - destination zone is WAN zone and to allow this traffic VPN to WAN rule with required NAT action.

Note: You may test it in your local setup for any website like fliplart.com for which you want to route traffic via XG with a split tunnel in place of the end-users actual ISP.

Thanks