Solved

Split Tunneling on Watchguard firewall

Posted on 2011-09-06
11
2,042 Views
Last Modified: 2012-05-12
I am looking for step by step information on how to enable split tunneling on one of our Edge firewalls. We currently have allowed PPTP traffice through to RRAS on our 2008 R2 Server with NAP. We need users to be able to browse the internet.
0
Comment
Question by:KarlSolid
  • 4
  • 2
  • 2
  • +1
11 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36493489
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36493505
Reading again you have configured WG Edge as VPN passthrough and using RRAS for VPN; you can still look at second URL and change configuration at client and see if that does work.

Thank you.
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36494054
open the PPTP adapter on the client, properties, networking, tcpipv4 right click properties, advanced,
uncheck 'use default gateway on remote network'

note that when doing this, you will not be able to browse your remote network by hostname only by ip (unless you specify a manual dns, or edit the host file of the client pc)
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36494060
@dpk wal
i'm sorry , didn't see the link you posted before
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 13

Accepted Solution

by:
Greg Hejl earned 500 total points
ID: 36494998
sounds like your default route is set to route through your vpn tunnel.

there needs to be a route statement to route the network your 2008 r2 server is on through the vpn tunnel

then your default route needs to point to the wan port

http://www.watchguard.com/help/docs/wsm/11/en-US/index_Left.html#CSHID=en-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|StartTopic=Content%2Fen-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|SkinName=WSM%20%28en-US%29

the section in this link that applies to you is setting up dynamic NAT

0
 

Author Closing Comment

by:KarlSolid
ID: 36502073
Thanks
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36508052
The question refers to PPTP whereas the comment chosen as answer refers to IPSec configuration; doesn't look right.
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 36518774
the question was how to enable split tunneling so the client computers could surf the internet.

the watchguard's default configuration as a branch router is to route all traffic through the vpn tunnel.

http://www.watchguard.com/help/docs/wsm/11/en-US/index_Left.html#CSHID=en-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|StartTopic=Content%2Fen-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|SkinName=WSM%20%28en-US%29

the link did not display correctly- i directed the user to Dynamic NAT which is in the chapter:

"Define a Route for All Internet-Bound Traffic"

found in the index on the left

0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36520687
Exactly the link does NOT explain how to ENABLE SPLIT TUNNELING rather if the traffic comes to firebox then using NAT we can direct it to the internet. If the client virtual IPs were on the same subnet as the internal network or already on the private subnets then this step is useless [as there would be entries already for private subnet as mentioned on the link].

The comment still does NOT qualify as answer but does as a workaround; as the question was to configure split tunneling.

Thank you.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

This article describes some very basic things about SQL Server filegroups.
Entering time in Microsoft Access can be difficult. An input mask often bothers users more than helping them and won't catch all typing errors. This article shows how to create a textbox for 24-hour time input with full validation politely catching …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now