Route traffic to certain website through SSL VPN/GVC without Tunnel all Mode.
08/02/2022
Description
Some websites are configured to allow traffic only from the public IP addresses of company offices. This article describes how to access such websites over SSL-VPN/GVC when Tunnel All mode is not enabled on the firewall.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
Access the website over GVC.
- Add the address object with the zone assignment as WAN by navigating to OBJECT | Addresses Objects
Name of the object – Website IP
Zone assignment - WAN
Type - Host
IP Address - 188.226.140.221
- Navigate to Device | Users | Local Users and add the Website IP address object to the user's VPN Access list.
- Create the NAT policy. Navigate to Policy | Rules and Policies | NAT Rules and add a new NAT policy as shown below
NOTE: Once the above setup is done, you will be able to access the website using the firewall's public IP. If you run a packet capture, you will see the traffic routed through the firewall's public IP to the website IP address.
Accessing website over SSL VPN
For accessing a website over SSL VPN, we do not need to create any Route/NAT policy.
- Add address object with the zone assignment as WAN by navigating to OBJECT | Addresses Objects
Name of the object – Website IP
Zone assignment - WAN
Type - Host
IP Address - 188.226.140.221
- Add route to this object in SSL-VPN | Client Settings
- Click Client Routes and choose the address object previously created (here website IP), click OK
- Navigate to Users | Local Groups
- Open the SSLVPN Services group
- Click on the tab VPN Access.
- Add Website IP to the list from the left-hand side pane. Click Save.
- Navigate to the access rules (SSLVPN | WAN) and confirm that the corresponding rule exists.
NOTE: Once the above setup is done, you will be able to access the website using the firewall's public IP. If you run a packet capture, you will see the traffic routed through the firewall's public IP to the website IP address.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Access the website over GVC.
- Add the address object with the zone assignment as WAN by navigating to Manage | OBJECT | Addresses Objects
Name of the object – Website IP
Zone assignment - WAN
Type - Host
IP Address - 188.226.140.221
- Navigate to Manage | Users | Local Users and add the Website IP address object to the user's VPN Access list.
- Create the NAT policy. Navigate to Manage | Rules | NAT Policies and add a new NAT policy as shown below
NOTE: Once the above setup is done, you will be able to access the website using the firewall's public IP. If you run a packet capture, you will see the traffic routed through the firewall's public IP to the website IP address.
Accessing website over SSL VPN
For accessing a website over SSL VPN, we do not need to create any Route/NAT policy.
- Add address object with the zone assignment as WAN by navigating to Manage | OBJECT | Addresses Objects
Name of the object – Website IP
Zone assignment - WAN
Type - Host
IP Address - 188.226.140.221
- Add route to this object in SSL-VPN | Client Settings
- Click Client Routes and choose the address object previously created (here website IP), click OK.
- Navigate to Users | Local Groups.
- Open the SSLVPN Services group.
- Click on the tab VPN Access.
- Add Website IP to the list from the left-hand side pane. Click Save.
- Navigate to the access rules (SSLVPN | WAN) and confirm that the corresponding rule exists.
NOTE: Once the above setup is done, you will be able to access the website using the firewall's public IP. If you run a packet capture, you will see the traffic routed through the firewall's public IP to the website IP address.
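A client-side check for the split-tunnel routing that the notes above describe, as an added example that is not part of the original article: it applies longest-prefix-match to a route table and reports whether only the Website IP leaves through the VPN adapter. The route table, gateway, interface names and the control address 198.51.100.10 are constructed assumptions; only 188.226.140.221 comes from the article.

```python
import ipaddress

# Constructed sample: (prefix, gateway, interface, metric) as a client might hold
# them after connecting with a client route for the Website IP only.
SAMPLE_ROUTES = [
    ("0.0.0.0/0", "192.168.1.1", "Wi-Fi", 25),
    ("192.168.1.0/24", "on-link", "Wi-Fi", 25),
    ("188.226.140.221/32", "on-link", "SonicWall VPN", 1),
]


def select_route(routes, destination):
    """Return the route an OS would pick: longest prefix first, then lowest metric."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dest in ipaddress.ip_network(r[0])]
    if not candidates:
        return None
    return max(candidates,
               key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[3]))


def audit_split_tunnel(routes, vpn_interface, tunneled_hosts, control_hosts):
    """List deviations from 'only tunneled_hosts go through the VPN'."""
    findings = []
    for host in tunneled_hosts:
        route = select_route(routes, host)
        if route is None or route[2] != vpn_interface:
            via = route[2] if route else "no route"
            findings.append(f"{host}: expected {vpn_interface}, got {via}")
    for host in control_hosts:
        route = select_route(routes, host)
        if route is not None and route[2] == vpn_interface:
            findings.append(f"{host}: unexpectedly routed through the VPN")
    # A default route on the VPN adapter means all traffic is being tunneled.
    for prefix, _gateway, interface, _metric in routes:
        if interface == vpn_interface and ipaddress.ip_network(prefix).prefixlen == 0:
            findings.append(f"default route {prefix} present on {vpn_interface}")
    return findings


if __name__ == "__main__":
    problems = audit_split_tunnel(SAMPLE_ROUTES, "SonicWall VPN",
                                  ["188.226.140.221"], ["198.51.100.10"])
    print("split tunnel OK" if not problems else "\n".join(problems))
```

An empty result means the client route is in place and unrelated traffic still leaves through the local gateway, which keeps the tunnel scoped to the one host that needs the office egress IP.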