Solved

Split Tunneling on Watchguard firewall

Posted on 2011-09-06
11
2,168 Views
Last Modified: 2012-05-12
I am looking for step by step information on how to enable split tunneling on one of our Edge firewalls. We currently have allowed PPTP traffice through to RRAS on our 2008 R2 Server with NAP. We need users to be able to browse the internet.
0
Comment
Question by:KarlSolid
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
11 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36493489
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36493505
Reading again you have configured WG Edge as VPN passthrough and using RRAS for VPN; you can still look at second URL and change configuration at client and see if that does work.

Thank you.
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36494054
open the PPTP adapter on the client, properties, networking, tcpipv4 right click properties, advanced,
uncheck 'use default gateway on remote network'

note that when doing this, you will not be able to browse your remote network by hostname only by ip (unless you specify a manual dns, or edit the host file of the client pc)
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 14

Expert Comment

by:setasoujiro
ID: 36494060
@dpk wal
i'm sorry , didn't see the link you posted before
0
 
LVL 13

Accepted Solution

by:
Greg Hejl earned 500 total points
ID: 36494998
sounds like your default route is set to route through your vpn tunnel.

there needs to be a route statement to route the network your 2008 r2 server is on through the vpn tunnel

then your default route needs to point to the wan port

http://www.watchguard.com/help/docs/wsm/11/en-US/index_Left.html#CSHID=en-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|StartTopic=Content%2Fen-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|SkinName=WSM%20%28en-US%29

the section in this link that applies to you is setting up dynamic NAT

0
 

Author Closing Comment

by:KarlSolid
ID: 36502073
Thanks
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36508052
The question refers to PPTP whereas the comment chosen as answer refers to IPSec configuration; doesn't look right.
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 36518774
the question was how to enable split tunneling so the client computers could surf the internet.

the watchguard's default configuration as a branch router is to route all traffic through the vpn tunnel.

http://www.watchguard.com/help/docs/wsm/11/en-US/index_Left.html#CSHID=en-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|StartTopic=Content%2Fen-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|SkinName=WSM%20%28en-US%29 

the link did not display correctly- i directed the user to Dynamic NAT which is in the chapter:

"Define a Route for All Internet-Bound Traffic"

found in the index on the left

0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36520687
Exactly the link does NOT explain how to ENABLE SPLIT TUNNELING rather if the traffic comes to firebox then using NAT we can direct it to the internet. If the client virtual IPs were on the same subnet as the internal network or already on the private subnets then this step is useless [as there would be entries already for private subnet as mentioned on the link].

The comment still does NOT qualify as answer but does as a workaround; as the question was to configure split tunneling.

Thank you.
0

Featured Post

Upcoming Webinar: Securing your MySQL/MariaDB data

Join Percona’s Chief Evangelist, Colin Charles as he presents Securing your MySQL®/MariaDB® data on Tuesday, July 11, 2017 at 7:00 am PDT / 10:00 am EDT (UTC-7).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question