?
Solved

Split Tunneling on Watchguard firewall

Posted on 2011-09-06
11
Medium Priority
?
2,209 Views
Last Modified: 2012-05-12
I am looking for step by step information on how to enable split tunneling on one of our Edge firewalls. We currently have allowed PPTP traffice through to RRAS on our 2008 R2 Server with NAP. We need users to be able to browse the internet.
0
Comment
Question by:KarlSolid
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
11 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36493489
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36493505
Reading again you have configured WG Edge as VPN passthrough and using RRAS for VPN; you can still look at second URL and change configuration at client and see if that does work.

Thank you.
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36494054
open the PPTP adapter on the client, properties, networking, tcpipv4 right click properties, advanced,
uncheck 'use default gateway on remote network'

note that when doing this, you will not be able to browse your remote network by hostname only by ip (unless you specify a manual dns, or edit the host file of the client pc)
0
Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

 
LVL 14

Expert Comment

by:setasoujiro
ID: 36494060
@dpk wal
i'm sorry , didn't see the link you posted before
0
 
LVL 13

Accepted Solution

by:
Greg Hejl earned 2000 total points
ID: 36494998
sounds like your default route is set to route through your vpn tunnel.

there needs to be a route statement to route the network your 2008 r2 server is on through the vpn tunnel

then your default route needs to point to the wan port

http://www.watchguard.com/help/docs/wsm/11/en-US/index_Left.html#CSHID=en-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|StartTopic=Content%2Fen-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|SkinName=WSM%20%28en-US%29

the section in this link that applies to you is setting up dynamic NAT

0
 

Author Closing Comment

by:KarlSolid
ID: 36502073
Thanks
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36508052
The question refers to PPTP whereas the comment chosen as answer refers to IPSec configuration; doesn't look right.
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 36518774
the question was how to enable split tunneling so the client computers could surf the internet.

the watchguard's default configuration as a branch router is to route all traffic through the vpn tunnel.

http://www.watchguard.com/help/docs/wsm/11/en-US/index_Left.html#CSHID=en-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|StartTopic=Content%2Fen-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|SkinName=WSM%20%28en-US%29 

the link did not display correctly- i directed the user to Dynamic NAT which is in the chapter:

"Define a Route for All Internet-Bound Traffic"

found in the index on the left

0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36520687
Exactly the link does NOT explain how to ENABLE SPLIT TUNNELING rather if the traffic comes to firebox then using NAT we can direct it to the internet. If the client virtual IPs were on the same subnet as the internal network or already on the private subnets then this step is useless [as there would be entries already for private subnet as mentioned on the link].

The comment still does NOT qualify as answer but does as a workaround; as the question was to configure split tunneling.

Thank you.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Azure Functions is a solution for easily running small pieces of code, or "functions," in the cloud. This article shows how to create one of these functions to write directly to Azure Table Storage.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question