Route traffic to certain websites through SSL VPN/GVC without Tunnel All mode

Description

Some websites are configured to allow traffic only from the company offices' public IP. This article describes how to reach such websites over SSL-VPN/GVC when Tunnel All mode is not enabled on the firewall.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Access the website over GVC.

  1. Add the address object with the zone assignment as WAN by navigating to OBJECT | Addresses Objects.
    Name of the object – Website IP
    Zone assignment – WAN
    Type – Host
    IP Address – 188.226.140.221
  2. Navigate to Device | Users | Local Users and add the Website IP address object to the VPN Access of the user.
  3. Create the NAT policy. Navigate to Policy | Rules and Policies | NAT Rules and add a new NAT policy as shown below.
    [Image: NAT policy settings]

NOTE: Once the above setup is done, you will be able to access the website using the firewall's public IP. If you run a packet capture, you will see the traffic being routed through the firewall's public IP to the website IP address.

Accessing website over SSL VPN

For accessing a website over SSL VPN, we do not need to create any Route/NAT policy.

  1. Add the address object with the zone assignment as WAN by navigating to OBJECT | Addresses Objects.
    Name of the object – Website IP
    Zone assignment – WAN
    Type – Host
    IP Address – 188.226.140.221
  2. Add a route to this object in SSL-VPN | Client Settings.
  3. Click Client Routes, choose the address object previously created (here Website IP), and click OK.
  4. Navigate to Users | Local Groups.
  5. Open the SSLVPN Services group.
  6. Click the VPN Access tab.
  7. Add Website IP to the list from the left-hand side pane and click Save.
  8. Navigate to the access rules (SSLVPN | WAN) and verify that the corresponding rule exists.

NOTE: Once the above setup is done, you will be able to access the website using the firewall's public IP. If you run a packet capture, you will see the traffic being routed through the firewall's public IP to the website IP address.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Access the website over GVC.

  1. Add the address object with the zone assignment as WAN by navigating to Manage | OBJECT | Addresses Objects.
    Name of the object – Website IP
    Zone assignment – WAN
    Type – Host
    IP Address – 188.226.140.221
  2. Navigate to Manage | Users | Local Users and add the Website IP address object to the VPN Access of the user.
  3. Create the NAT policy. Navigate to Manage | Rules | NAT Policies and add a new NAT policy as shown below.
    [Image: NAT policy settings]

NOTE: Once the above setup is done, you will be able to access the website using the firewall's public IP. If you run a packet capture, you will see the traffic being routed through the firewall's public IP to the website IP address.

Accessing website over SSL VPN

For accessing a website over SSL VPN, we do not need to create any Route/NAT policy.

  1. Add the address object with the zone assignment as WAN by navigating to Manage | OBJECT | Addresses Objects.
    Name of the object – Website IP
    Zone assignment – WAN
    Type – Host
    IP Address – 188.226.140.221
  2. Add a route to this object in SSL-VPN | Client Settings.
  3. Click Client Routes, choose the address object previously created (here Website IP), and click OK.
  4. Navigate to Users | Local Groups.
  5. Open the SSLVPN Services group.
  6. Click the VPN Access tab.
  7. Add Website IP to the list from the left-hand side pane and click Save.
  8. Navigate to the access rules (SSLVPN | WAN) and verify that the corresponding rule exists.

NOTE: Once the above setup is done, you will be able to access the website using the firewall's public IP. If you run a packet capture, you will see the traffic being routed through the firewall's public IP to the website IP address.
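
Besides the packet capture on the firewall, the effect of the SSL VPN client route can be checked on the client by longest-prefix matching its route table: only the Website IP should leave through the VPN adapter, and the default route should stay local. The following is an added example, not part of the original article or any SonicWall tool; the route table is constructed sample data, and the interface names `eth0` and `sslvpn0` and the control address are assumptions.

```python
import ipaddress

# Constructed sample of a VPN client's route table after connecting (not real
# output). The interface names "eth0" and "sslvpn0" are assumptions.
SAMPLE_ROUTES = [
    ("0.0.0.0/0", "eth0"),              # default route stays on the local gateway
    ("192.168.1.0/24", "eth0"),         # local LAN
    ("188.226.140.221/32", "sslvpn0"),  # client route pushed for "Website IP"
]

def egress_interface(routes, destination):
    """Return the interface chosen by longest-prefix match, or None."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def is_tunnel_all(routes, vpn_iface):
    """True if the VPN interface covers the whole IPv4 space, either with a
    default route or with the 0.0.0.0/1 + 128.0.0.0/1 pair."""
    vpn_nets = {ipaddress.ip_network(p) for p, i in routes if i == vpn_iface}
    halves = {ipaddress.ip_network("0.0.0.0/1"),
              ipaddress.ip_network("128.0.0.0/1")}
    return ipaddress.ip_network("0.0.0.0/0") in vpn_nets or halves <= vpn_nets

def check_split_tunnel(routes, website_ip, vpn_iface, control_ip="192.0.2.10"):
    """Check that only the website IP is routed through the VPN.
    control_ip is an arbitrary documentation address (assumption) standing in
    for any other Internet host."""
    return {
        "website_via_vpn": egress_interface(routes, website_ip) == vpn_iface,
        "other_traffic_local": egress_interface(routes, control_ip) != vpn_iface,
        "tunnel_all": is_tunnel_all(routes, vpn_iface),
    }

if __name__ == "__main__":
    print(check_split_tunnel(SAMPLE_ROUTES, "188.226.140.221", "sslvpn0"))
```

If `website_via_vpn` is false, the client route from SSL-VPN | Client Settings did not reach the client, and the website will see the user's own public IP instead of the firewall's.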
