Remote Access VPN/App+URL Policy Enforcement when split tunneling is disabled

R80.10 Manager

R80.10 VSX with handful of virtual systems

1 Virtual System is handling Endpoint Security VPN:

  • Allow to route through gateway is set
  • Route through gateway is forced via global properties settings
  • ipchicken confirms public IP is that of gateway
  • Rule that reads:
    • src: vpn_pool
    • dst: Internet
    • URL Category attempting to block
    • Action Block/UserCheck Message

Issue: App/URL Policy is not applied to these users even though they are routing through the gateway. Is this expected behavior?

Admin

What rule is actually accepting the traffic?

What's being logged?

Perhaps that might provide a clue.

0 Kudos

Turns out it was rule order. There was a rule that was set to inspect for content with a source of Any, and it was getting hit first. Even though the remote access rule and the subsequent rule to block certain content came after this rule, traffic was being caught by the first rule.

--Juan

0 Kudos
Admin

Good to know, thanks for updating.

0 Kudos
Participant

Hey Juan,

Can you please explain a little more on how to solve this issue?

0 Kudos
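
The rule-order problem described in the solution above, as an added example that is not part of the original thread and not Check Point tooling: a simplified first-match model of an ordered rulebase, with a check for rules that an earlier, broader rule shadows. The rule names, the `Blocked_Category` placeholder and the first rule's action are assumptions.

```python
from dataclasses import dataclass

ANY = "Any"

@dataclass(frozen=True)
class Rule:
    name: str
    src: str
    dst: str
    category: str
    action: str

def covers(broad: str, narrow: str) -> bool:
    """True if a rule field set to `broad` also matches `narrow`."""
    return broad == ANY or broad == narrow

def first_match(rules, src, dst, category):
    """Top-down evaluation: the first rule whose fields all match wins."""
    for r in rules:
        if covers(r.src, src) and covers(r.dst, dst) and covers(r.category, category):
            return r
    return None

def shadowed(rules):
    """(later, earlier) pairs where an earlier rule matches everything the
    later rule would and applies a different action, so the later never fires."""
    hits = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if all(covers(getattr(earlier, f), getattr(later, f))
                   for f in ("src", "dst", "category")):
                if earlier.action != later.action:
                    hits.append((later.name, earlier.name))
                break
    return hits

# Constructed rulebase modelled on the thread; names and the first rule's
# action are assumptions, "Blocked_Category" is a placeholder.
BROKEN = [
    Rule("content_inspect", ANY, "Internet", ANY, "Accept"),
    Rule("ra_block", "vpn_pool", "Internet", "Blocked_Category", "Block"),
]
FIXED = [BROKEN[1], BROKEN[0]]  # specific block rule moved above the broad one

if __name__ == "__main__":
    for label, rb in (("broken", BROKEN), ("fixed", FIXED)):
        hit = first_match(rb, "vpn_pool", "Internet", "Blocked_Category")
        print(label, "->", hit.name, hit.action, "shadowed:", shadowed(rb))
```

Running the same check over an exported rulebase before publishing a policy flags block rules that sit below a broader rule; the logged rule name for the accepted traffic confirms which rule actually matched.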