Split Tunneling on Watchguard firewall

I am looking for step-by-step information on how to enable split tunneling on one of our Edge firewalls. We currently have allowed PPTP traffic through to RRAS on our 2008 R2 Server with NAP. We need users to be able to browse the internet.
KarlSolid Asked:
 
Greg Hejl, Principal Consultant, Commented:
Sounds like your default route is set to route through your VPN tunnel.

There needs to be a route statement to route the network your 2008 R2 server is on through the VPN tunnel.

Then your default route needs to point to the WAN port.

http://www.watchguard.com/help/docs/wsm/11/en-US/index_Left.html#CSHID=en-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|StartTopic=Content%2Fen-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|SkinName=WSM%20%28en-US%29

The section in this link that applies to you is setting up dynamic NAT.

0
 
dpk_wal Commented:
0
 
dpk_wal Commented:
Reading again, you have configured the WG Edge as VPN passthrough and are using RRAS for VPN; you can still look at the second URL and change the configuration at the client and see if that works.

Thank you.
0
 
setasoujiro Commented:
Open the PPTP adapter on the client: Properties, Networking, TCP/IPv4, right-click Properties, Advanced,
uncheck 'Use default gateway on remote network'.

Note that when doing this, you will not be able to browse your remote network by hostname, only by IP (unless you specify a manual DNS, or edit the host file of the client PC).
0
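The client-side checkbox from the comment above, shown as an added example that is not part of the original thread. It assumes the setting is read from the Windows phonebook file `rasphone.pbk`, where 'Use default gateway on remote network' is stored per entry as `IpPrioritizeRemote`; the function names and the sample phonebook are constructed for illustration.

```python
import re

# rasphone.pbk is INI-like: each [section] is one dial-up/VPN entry.
# Per-user copy: %APPDATA%\Microsoft\Network\Connections\Pbk\rasphone.pbk
KEY = "IpPrioritizeRemote"  # 1 = box checked (full tunnel), 0 = unchecked (split)
SECTION = re.compile(r"^\[(.+)\]\s*$")

# Constructed sample phonebook; entry names and addresses are made up.
SAMPLE_PBK = """[Office PPTP]
Type=2
VpnStrategy=1
IpPrioritizeRemote=1
Ipv6PrioritizeRemote=1
DEVICE=vpn
PhoneNumber=vpn.example.com

[Lab VPN]
Type=2
IpPrioritizeRemote=0
DEVICE=vpn
PhoneNumber=192.0.2.10
"""

def audit(pbk_text):
    """Map each entry name to 'full', 'split', or 'unknown' (key absent)."""
    modes, current = {}, None
    for raw in pbk_text.splitlines():
        m = SECTION.match(raw)
        if m:
            current = m.group(1)
            modes[current] = "unknown"
        elif current and raw.startswith(KEY + "="):
            value = raw.split("=", 1)[1].strip()
            modes[current] = "split" if value == "0" else "full"
    return modes

def set_split_tunnel(pbk_text, entry_name):
    """Return the phonebook text with the IPv4 box unchecked for one entry only."""
    out, current, found = [], None, False
    for line in pbk_text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        m = SECTION.match(body)
        if m:
            current = m.group(1)
            found = found or current == entry_name
        elif current == entry_name and body.startswith(KEY + "="):
            line = KEY + "=0" + line[len(body):]  # keep the original line ending
        out.append(line)
    if not found:
        raise KeyError(entry_name)
    return "".join(out)

if __name__ == "__main__":
    print(audit(SAMPLE_PBK))
    print(audit(set_split_tunnel(SAMPLE_PBK, "Office PPTP")))
```

Running `audit` over collected phonebook files also shows which clients already bypass the tunnel for internet traffic, which matters when the remote network's egress filtering is expected to cover VPN users.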
 
setasoujiro Commented:
@dpk_wal
I'm sorry, didn't see the link you posted before.
0
 
KarlSolid, Author, Commented:
Thanks
0
 
dpk_wal Commented:
The question refers to PPTP whereas the comment chosen as answer refers to IPSec configuration; doesn't look right.
0
 
Greg Hejl, Principal Consultant, Commented:
The question was how to enable split tunneling so the client computers could surf the internet.

The WatchGuard's default configuration as a branch router is to route all traffic through the VPN tunnel.

http://www.watchguard.com/help/docs/wsm/11/en-US/index_Left.html#CSHID=en-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|StartTopic=Content%2Fen-US%2Fbovpn%2Fmanual%2Fglobal_vpn_settings_about_c.html|SkinName=WSM%20%28en-US%29 

The link did not display correctly. I directed the user to Dynamic NAT, which is in the chapter:

"Define a Route for All Internet-Bound Traffic"

found in the index on the left

0
 
dpk_wal Commented:
Exactly; the link does NOT explain how to ENABLE SPLIT TUNNELING; rather, if the traffic comes to the Firebox, then using NAT we can direct it to the internet. If the client virtual IPs were on the same subnet as the internal network or already on the private subnets, then this step is useless [as there would already be entries for the private subnet, as mentioned on the link].

The comment still does NOT qualify as an answer but does as a workaround, as the question was to configure split tunneling.

Thank you.
0
Question has a verified solution.
