How can I allow SSLVPN users access to the internet when using tunnel all mode?
03/26/2020 1608 35017
NetExtender or Mobile Connect in tunnel all mode forces all traffic to be routed over the SSL-VPN adapter. To allow your end users access to internet over the UTM-SSLVPN, we will need to allow WAN Remote Access Networks (a network address object whose value 0.0.0.0 acts like a default route), and the Tunnel All option must be selected on the Client Routes page
The method below is appropriate when the administrator wants all of their NetExtender | Mobile Connect users to have their internet access provided through the SSLVPN. Be sure that you are not overwhelming the internet bandwidth at the location where the firewall is installed, as this traffic will be added to the other loads from inside the network.
Login to SonicWall management page.
Navigate to SSL-VPN | Client Settings screen, configure Default Device Profile and click Client Routes tab.
Select Enabled in Tunnel All Mode option.
On the Users | Local Groups screen, configure SSLVPN Services group and under tab “VPN Access,” add the object WAN Remote Access Networks.
NOTE: No custom rules are needed on the Firewall | Access Rules screen for this to work. You can see auto-added rules in the section SSLVPN to WAN.