SSL VPN Split tunneling

Like Jaesii says, don't put any (or Internet .....) in the SSL VPN config otherwise you explicitly instruct to send all traffic over the tunnel.

Where can I configure split tunnel?  I am using sophos utm 9 ver 9.506-1 but I'm not sure which "SSL VPN config" you are referring to, is it somewhere under Remote Access -> SSL menu?

Khai Do said:

Where can I configure split tunnel?  I am using sophos utm 9 ver 9.506-1 but I'm not sure which "SSL VPN config" you are referring to, is it somewhere under Remote Access -> SSL menu?

JoeRebis Could you please clarify.  We do use SSL VPN but how to I configure it to NOT "use Any or Internet in the rules"?  Is that in the server settings? 

What should we set it to if not 'any or internet'?  should it be the our VPN ip (i.e. vpn.company.com)?

JoeRebis Could you please clarify.  We do use SSL VPN but how to I configure it to NOT "use Any or Internet in the rules"?  Is that in the server settings? 

What should we set it to if not 'any or internet'?  should it be the our VPN ip (i.e. vpn.company.com)?

The "ANY"  you have highlighted is for WAN addresses to listen on. 

Any will allow VPNS (and user portal)  to listen on ALL of your wan IPs and ALL additional addresses.

if vpn.domain.com is set up on a specific static public IP, drag that wan ADDRESS into the Interface Address field and that will lock the user portal and VPN to only listen on that specific IP. 

To have a Tunnel All mode VPN, you will need to click the profiles tab, modify the SSL VPN profile and drop  the Internet IPv4 and Internet IPv6 objects into the Local Networks list.

You will also need appropriate Firewall rules (if not using automatic) for SSL VPN to WAN and a Masquerade for the SSL VPN Pool. 

---

To have a Split Tunnel VPN, just drop in the Networks and Hosts into the Local Networks box. 

DO NOT put ANY in this box, and do not create a Masquerade.