Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Split Tunneling on Watchguard firewall

Posted on 2011-09-06
11
Medium Priority
?
2,359 Views
Last Modified: 2012-05-12
I am looking for step by step information on how to enable split tunneling on one of our Edge firewalls. We currently have allowed PPTP traffice through to RRAS on our 2008 R2 Server with NAP. We need users to be able to browse the internet.
0
Comment
Question by:KarlSolid
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36493489
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36493505
Reading again you have configured WG Edge as VPN passthrough and using RRAS for VPN; you can still look at second URL and change configuration at client and see if that does work.

Thank you.
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36494054
open the PPTP adapter on the client, properties, networking, tcpipv4 right click properties, advanced,
uncheck 'use default gateway on remote network'

note that when doing this, you will not be able to browse your remote network by hostname only by ip (unless you specify a manual dns, or edit the host file of the client pc)
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 14

Expert Comment

by:setasoujiro
ID: 36494060
@dpk wal
i'm sorry , didn't see the link you posted before
0
 
LVL 13

Accepted Solution

by:
Greg Hejl earned 2000 total points
ID: 36494998
sounds like your default route is set to route through your vpn tunnel.

there needs to be a route statement to route the network your 2008 r2 server is on through the vpn tunnel

then your default route needs to point to the wan port

http://www.watchguard.com/help/docs/wsm/11/en-US/index_Left.html#CSHID=en-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|StartTopic=Content%2Fen-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|SkinName=WSM%20%28en-US%29

the section in this link that applies to you is setting up dynamic NAT

0
 

Author Closing Comment

by:KarlSolid
ID: 36502073
Thanks
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36508052
The question refers to PPTP whereas the comment chosen as answer refers to IPSec configuration; doesn't look right.
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 36518774
the question was how to enable split tunneling so the client computers could surf the internet.

the watchguard's default configuration as a branch router is to route all traffic through the vpn tunnel.

http://www.watchguard.com/help/docs/wsm/11/en-US/index_Left.html#CSHID=en-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|StartTopic=Content%2Fen-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|SkinName=WSM%20%28en-US%29 

the link did not display correctly- i directed the user to Dynamic NAT which is in the chapter:

"Define a Route for All Internet-Bound Traffic"

found in the index on the left

0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36520687
Exactly the link does NOT explain how to ENABLE SPLIT TUNNELING rather if the traffic comes to firebox then using NAT we can direct it to the internet. If the client virtual IPs were on the same subnet as the internal network or already on the private subnets then this step is useless [as there would be entries already for private subnet as mentioned on the link].

The comment still does NOT qualify as answer but does as a workaround; as the question was to configure split tunneling.

Thank you.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question