How to configure Route to Internet (RTI)

09/14/2020


    Description

    How to configure Route to Internet (RTI)

    Resolution

    Overview

    This article explains how to configure RTI in the Aventail Management Console (AMC).

    The Route To Internet (RTI) functionality was added to the appliance to allow Connect or OnDemand Tunnel users running in redirect-all mode to access the Internet. The primary use case is customers who run in redirect-all mode but still want to allow user access to the Internet via the internal network. This is accomplished by sending Internet-bound traffic through the secure tunnel to the appliance and then onto the internal network. Traffic destined for the Internet can then be filtered and logged internally before being allowed out to public sites.

    Note: RTI does not provide the ability to specify or set an outbound proxy in the end user's browser.

    RTI is only supported for appliances running in Single Gateway, Unrestricted routing mode.   



    Procedure

    To configure RTI:

    1. In AMC, select Network Settings | Routing | Configure Routing.
    2. Click the Advanced option pull-down button.
    3. Select the Enable route to Internet check box.
    4. In the field, type the IP address of the appliance internal gateway (i.e., the first hop from the appliance internal interface to the internal network).

    Set Access Control Rules

    Access control rules must be defined to allow users to pass through the appliance and reach the Internet. This can be accomplished in two ways:

    1. Define a user/group to Any Destination rule. This will allow the specified user and/or group to access any internal or external (public) destination once they authenticate successfully. There are security concerns to be examined if this kind of rule is used: it allows access to any address over the VPN, reducing access controls in the internal network.
    2. To allow more granular access control, define IP range resources which exclude the non-routable subnets. Make sure the ranges do not include any subnets on the internal network. These IP range resources can then be grouped together in a resource group and used for Internet access rules. Other rules representing internal resources can then be used normally. This allows the creation of access rules to internal resources as well, without having to use an "Any" rule as described above.

      For example, define the following IP range resources:

      1.0.0.1 - 9.255.255.255
      11.0.0.1 - 172.15.255.255
      172.32.0.1 - 192.167.255.255
      192.169.0.1 - 255.255.255.255

      These resources can then be added to the access control rules to permit Internet access. Or you can create a single resource group that contains these resources and then reference only the group in the access control rule for simpler administration.
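
    The instruction to make sure the ranges do not include any internal subnet can be checked mechanically before the rule is created. The following is an added example, not SonicWall code: it tests the four ranges above against an inventory of internal subnets. The inventories shown are constructed samples, and the function names are illustrative.

```python
import ipaddress

# IP range resources exactly as listed in the article.
RTI_RANGES = [
    "1.0.0.1 - 9.255.255.255",
    "11.0.0.1 - 172.15.255.255",
    "172.32.0.1 - 192.167.255.255",
    "192.169.0.1 - 255.255.255.255",
]

def parse_range(text):
    """Turn 'a.b.c.d - w.x.y.z' into a (first, last) pair of IPv4Address."""
    first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-"))
    if first > last:
        raise ValueError(f"range is reversed: {text}")
    return first, last

def find_conflicts(ranges, internal_subnets):
    """Return (range, subnet) pairs where an Internet range overlaps an internal subnet."""
    conflicts = []
    for text in ranges:
        first, last = parse_range(text)
        for cidr in internal_subnets:
            net = ipaddress.ip_network(cidr, strict=True)
            # Two closed intervals overlap when each starts before the other ends.
            if first <= net.broadcast_address and net.network_address <= last:
                conflicts.append((text, cidr))
    return conflicts

# Constructed sample inventories of internal subnets (assumptions, not from the article).
RFC1918_ONLY = ["10.20.0.0/16", "172.16.5.0/24", "192.168.1.0/24"]
# An internal network that also uses address space outside RFC 1918.
WITH_SHARED_SPACE = RFC1918_ONLY + ["100.64.0.0/10"]

if __name__ == "__main__":
    for label, inventory in (("RFC 1918 only", RFC1918_ONLY),
                             ("with 100.64.0.0/10", WITH_SHARED_SPACE)):
        hits = find_conflicts(RTI_RANGES, inventory)
        print(f"{label}: {hits if hits else 'no overlap'}")
```

    Any conflict reported means the Internet access rule would also permit that internal subnet, so the affected range should be split around it before the resource is defined.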


    For RTI for Modes other than Single Gateway - Unrestricted:

    1. Create the four resources covering the public Internet IP address range, as above. 

    2. Add the Access Control Rule allowing access to those resources. This creates the routes on the client side. 

    3. Set the community to Redirect All.  


    In Summary:

    There are three configuration settings that allow Route To Internet: 

    1. For a client to send traffic to the Internet through the VPN, either of these needs to be set (this gets the necessary routes set on the client side):

    a. Redirect-All or Redirect-All-Nonlocal 

    b. The four IP address range resources depicted above and an ALLOW access control rule. 

    2. Access Control configuration on the appliance must be either of the following:

    a. The four IP address range resources (above) and an ALLOW access control rule. 

    b. Access control rules denying access to critical internal resources followed by an "Allow All Resources" access control rule. (Not the recommended approach for security reasons.) 

    3. Gateway configuration concerns on the appliance: 

    a. In "Single Gateway Unrestricted" mode with the RTI option enabled, the gateway to forward user traffic to the Internet must be configured.

    b. In "Dual Gateway" mode, the "internal gateway", configured in System Configuration > Network Settings > Routing, must be capable of routing the user traffic to the Internet through the LAN.




    Categories

    • Secure Mobile Access > SMA 1000 Series
