routing all traffic in through the outside interface and out through a dedicated VPN outbound port?

Hi, and welcome to the UTM Community!!

Please insert a picture of your SSL VPN Profile open in Edit and one of the 'Settings' tab.  Also, a picture of 'Allowed Networks' in your Web Filtering configuration.

Cheers - Bob

Thanks for your reply Bob!

Here's what you requested

If you already have the 3rd interface setup and allow your internal network to browse the internet ie the correct routing or NAT, I would imagine it will be a simple case of allowing "internet" through the tunnel ie add it to your local networks on the vpn.

wouldn't that be a split tunnel of it's going out on the same interface it's coming in?  am i misunderstanding?

I admit that I'm not sure I understand what you want to do.

If you want to use Web Filtering when connected via SSL VPN, you must add "SSL Pool (small)" to 'Allowed Networks' there.

If you have another WAN connection or just an Additional Address and you want your Internet browsing to go out from there when you VPN in, then you cannot do that if using Web Filtering.

In the SSL VPN Profile, rather than the "Any" object, use the "Internal (Network)" and "internet" objects to have a full (not split) tunnel.

Cheers - Bob

this is what i want to do:

away from home now

laptop -----tunnel-----> (outside int)/home network 

besides poking around on the home network i can't do anything

if i want to get out to the net, i need to terminate the VPN, resulting in

laptop -----> hotspot -------> internet

this is what i want to do

laptop -----tunnel------> (vpn int)/home network/(outside int) -------> internet

so i guess i want to route all internet-bound traffic through my SophosUTM when i'm out an about.


from what I was told, split tunneling was using the same interface for LAN and WAN access, which, from what i was told, is generally frowned upon.


"VPN client connect to our UTM's, can access the desired internal network resources and then get onto the internet via our internet connection. Main thing is to allow that traffic into the tunnel otherwise it's going nowhere."

THIS EXACTLY is what i want.  you don't use the same interface for the VPN connection and internet connection do you?

No, split tunneling is allowing the client to access the internet locally whilst using a vpn. Simply add internet ipv4 to the tunnel to allow that traffic to traverse the tunnel.

As long as the routing is configured on the UTM, it will know what to do with the traffic.

"VPN client connect to our UTM's, can access the desired internal network resources and then get onto the internet via our internet connection. Main thing is to allow that traffic into the tunnel otherwise it's going nowhere."

THIS EXACTLY is what i want.  you don't use the same interface for the VPN connection and internet connection do you?

As I said above, "If you want to use Web Filtering when connected via SSL VPN, you must add "SSL Pool (small)" to 'Allowed Networks' there."  Yes, you use the same interface.

Cheers - Bob

hi,

like balfson said. Works perfect.  and do this as suggested for webfiltering