Configure Split Tunneling | WatchGuard Technologies SOHO 6.1

Configure Split Tunneling

Configure Split Tunneling

Another new feature in this release is split tunneling that allows the administrator to specify all Internet traffic originating from the Trusted interface of the SOHO 6 to go through the VPN tunnel. Previously, only traffic headed specifically for the other end of the VPN tunnel was sent through the tunnel; Traffic destined for other Internet addresses was sent directly to the Internet. Split tunneling allows a company to centrally enforce an Internet access policy.

To set up split tunneling:

1With your Web browser, go to the System Status page using the

trusted IP address of the SOHO 6.

For example, if using the default IP address, go to: http://192.168.111.1

2From the navigation bar on the left side, select

VPN => Manual VPN.

The Manual VPN page appears.

3Click Add.

The Add Gateway page appears.

4Enter the information to add the gateway.

For instructions on completing the Add Gateway page, see “Set Up Multiple SOHO-SOHO VPN Tunnels” on page 89.

5Type the network IP address of the Local Network.

6Type 0.0.0.0/0 as the IP address of the Remote Network.

7Click Submit.

MUVPN Clients

The SOHO 6 can be upgraded to use the MUVPN clients option. This feature allows remote users to securely connect to the SOHO 6 through an IPSec VPN tunnel. The remote user gains access to the local trusted network and networks on Branch Office VPN tunnels

User Guide

93

Image 111

WatchGuard Technologies SOHO 6.1 manual Configure Split Tunneling, Muvpn Clients

Contents

WatchGuard Firebox Soho User Guide Following conventions are used in this guide Using this Guide Industry Canada Certifications and NoticesFCC Certification CE Notice Vcci Notice Class a ITE Declaration of Conformity Watchguard Soho Software END-USER License Agreement User Guide Vii Viii WatchGuard Firebox Soho Copyright, Trademark, and Patent Information WatchGuard Firebox Soho User Guide Xii WatchGuard Firebox Soho Contents Configure the Network Interfaces Configure the Firewall Settings VPN-Virtual Private Networking Index 117 Xviii WatchGuard Firebox Soho Welcome Introduction Package Contents How Does a Firewall Work? How Does Information Travel on the Internet? IP addressesProtocol Network Address Translation ServicesHow Does the Soho 6 Process Information? Port numbers Ethernet ports Soho 6 Hardware DescriptionSoho 6 front and rear views Faster Processor Mode StatusLink 100 OPT port Numbered ports Reset buttonPower input WAN port Introduction WatchGuard Firebox Soho Installation Microsoft Windows 2000 and Windows XP Review and record your current TCP/IP settingsClick Start = Programs = Accessories = Command Prompt Before You Begin Other operating systems Unix, Linux Microsoft Windows NTMicrosoft Windows 95 or 98 or ME Macintosh Exit the TCP/IP configuration screen Disable the Http proxy setting of your Web browser Click Edit = Preferences Netscape Click Tools = Internet Options Enable your computer for DhcpClick Start = Settings = Control Panel Internet Explorer 5.0, 5.5, Click Properties Physically connect the Soho Cabling the Soho 6 for one to four appliances Cabling the Soho 6 for more than four computers Physically connect the Soho Soho 6 is now connected to the Internet and your hub Soho 6 Home Page-System Status Soho 6 Basics Soho 6 Basics Default Factory Settings External NetworkTrusted Network System Security Reset a Soho 6 to factory defaultFirewall Settings Upgrade Options Base model Soho Register your Soho 6 and Activate the LiveSecurity Service Reboot the Soho Reboot the Soho Soho 6 Basics WatchGuard Firebox Soho Configure Network Interfaces Configure Your External NetworkNetwork addressing Configure the Soho 6 External Network for dynamic addressing Configure the Soho 6 External Network for static addressing Manual ConfigurationNetwork = External Configure the Soho 6 External Network for PPPoE Click Automatically restore lost connections Configure Dhcp Server and Dhcp Relay Configure the Trusted Network Trusted Network Configuration page appears Configure additional computers on the Trusted Network Network = Trusted Configure the Trusted Network with static addresses Configure Static Routes Click Add Network = Network Statistics View Network Statistics Configure the Dynamic DNS Service Select the Enable Dynamic DNS client checkboxNetwork = DynamicDNS Configure Dual ISP Port Configure OPT Port Upgrades Configure OPT Port Upgrades Network = Dual ISP Configure VPNforce Port Network = Optional Configure OPT Port Upgrades Configure the Network Interfaces WatchGuard Firebox Soho Administrative Options System management System Security Administration = System Security Soho Remote Management Set up VPN Manager Access Select Enable VPN Manager Access Administration = VPN Manager Access Administration = Update Update Your Firmware Redeem your Soho 6 Upgrade Options Administration = Upgrade Upgrade optionsSeat Licenses IPSec Virtual Private Networking VPN LiveSecurity Service Subscription RenewalsDual ISP Port VPNforce Port Administration = View Configuration File View the Configuration File Firewall Settings Configure Firewall Settings Configure Incoming and Outgoing Services Pre-configured ServicesFirewall = Incoming or Outgoing Create a Custom Service Custom Service page refreshes Firewall = Custom Service Block External Sites Blocked Sites page appears Firewall = Firewall Options Firewall Options Socks implementation for the Soho Denying FTP access to the Trusted Network interfaceSelect Do not allow FTP access to Trusted Network Ping requests received on the External Network Configuring your Socks application Disabling Socks on the Soho Logging all allowed outbound traffic Enable override MAC address for the External Network Select Log All Allowed Outbound AccessSelect Enable override MAC address for the External Network Select Enable pass through address Create an Unrestricted Pass ThroughFirewall = Pass Through Create an Unrestricted Pass Through Configure the Firewall Settings WatchGuard Firebox Soho Configure Logging From the navigation bar on the left side, select Logging View Soho 6 Log Messages To have your log messages synchronize with your computer Select Enable WatchGuard Security Event Processor Logging Set up Logging to a Syslog Host Select Enable syslog outputLogging = Syslog Logging Select Include local time in syslog message Set the System Time Select a time zone from the drop list Select Adjust for daylight savings time Configure Logging WatchGuard Firebox Soho VPN-Virtual Private Networking Why Create a Virtual Private Network? What You Need IP Address Table example Enable the VPN Upgrade How do I get a static external IP address? Frequently Asked QuestionsWhy do I need a static external address? Special Considerations How do I troubleshoot the connection? Why is ping not working?How do I obtain a VPN upgrade license key? How do I enable a VPN Tunnel? VPN = Manual VPN Set Up Multiple SOHO-SOHO VPN Tunnels Enter the Name, IPSec Gateway Address, and Shared Key for Soho 6 you want to set up a VPN tunnel Set Up Multiple SOHO-SOHO VPN Tunnels Forward Secrecy Muvpn Clients Configure Split Tunneling Statistics View the VPN Statistics How WebBlocker Works Soho 6 WebBlocker Web site not in the WebBlocker database Web site in the WebBlocker databaseWatchGuard WebBlocker database unavailable Groups Purchase and Activate Soho 6 WebBlockerWebBlocker users and groups Bypass the Soho 6 WebBlocker Configure the Soho 6 WebBlocker WebBlocker = SettingsActivate WebBlocker Create WebBlocker Groups and Users Select Enable WebBlocking Click New to create a group name and profile Click Submit To the right of the Users field, click New WebBlocker Categories Alcohol/tobaccoIllegal Gambling Intolerance Militant/extremistDrug Culture Satanic/cult Sports and Leisure Gross DepictionsViolence/profanity Search Engines Sexual Acts Full NudityPartial/artistic Nudity Troubleshooting Tips Support ResourcesGeneral How do I restart my Soho 6? How do I register my Soho 6 with the LiveSecurity Service? What is a Soho 6 Feature Key? Cant get a certain Soho 6 feature to work with a DSL modemHow does the seat limitation on the Soho 6 work? 110 Select Enable Dhcp Server and then click Submit ConfigurationWhere are the Soho 6 settings stored? How do I set up Dhcp on the trusted network of the Soho 6? Disable Enable Dhcp Server and then click Submit How do I set up and disable Webblocker?How do I change to a static, trusted IP address? Firewall = Incoming VPN Management How do I set up VPN to a Soho 6s? How do I set up my Soho 6 for VPN Manager Access? Contact Technical support Online Documentation and In-Depth FAQs Numerics Index WAN Socks Redeeming 57 types Upgrade page 58 upgrading Processor WebBlocker 122