Remote Access VPN/App+URL Policy Enforcement when split tunneling is disabled

R80.10 Manager

R80.10 VSX with handful of virtual systems

1 Virtual System is handling Endpoint Security VPN:

  • Allow to route through gateway is set
  • Route through gateway is forced via global properties settings
  • ipchicken confirms the public IP is that of the gateway
  • Rule that reads:
    • src: vpn_pool
    • dst: Internet
    • URL Category attempting to block
    • Action Block/UserCheck Message

Issue: App/URL Policy is not applied to these users even though they are routing through the gateway. Is this expected behavior?

Accepted Solutions

Re: Remote Access VPN/App+URL Policy Enforcement when split tunneling is disabled

Turns out it was rule order. There was a rule that was set to inspect for content with a source of Any, and it was getting hit first. Even though the remote access rule and the subsequent rule to block certain content were after this rule, traffic was catching on the first rule.

--Juan

Admin

Re: Remote Access VPN/App+URL Policy Enforcement when split tunneling is disabled

What rule is actually accepting the traffic?

What's being logged?

Perhaps that might provide a clue.

Admin

Re: Remote Access VPN/App+URL Policy Enforcement when split tunneling is disabled

Good to know, thanks for updating.
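
The rule-order problem described in the accepted solution can be checked mechanically. The following is an added example, not code from this thread or from Check Point: it uses a simplified top-down, first-match model of an ordered rulebase (not the gateway's matching engine), and the rule names, the 192.0.2.0/24 pool and the category label are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    number: int
    name: str
    src: str                # CIDR; "0.0.0.0/0" stands for Any
    categories: frozenset   # empty set stands for Any category
    action: str             # destination is assumed to be Internet for every rule

def covers(earlier, later):
    """True if every connection `later` matches is also matched by `earlier`."""
    src_ok = ip_network(later.src).subnet_of(ip_network(earlier.src))
    cat_ok = not earlier.categories or (
        bool(later.categories) and later.categories <= earlier.categories)
    return src_ok and cat_ok

def find_shadowed(rulebase):
    """Return (shadowed, shadowing) rule-number pairs where the actions differ."""
    findings = []
    for i, later in enumerate(rulebase):
        for earlier in rulebase[:i]:
            if covers(earlier, later):
                if earlier.action != later.action:
                    findings.append((later.number, earlier.number))
                break  # first match wins, so only the first covering rule matters
    return findings

def first_match(rulebase, src_ip, category):
    """Number of the first rule that matches this source and URL category."""
    for r in rulebase:
        in_src = ip_address(src_ip) in ip_network(r.src)
        if in_src and (not r.categories or category in r.categories):
            return r.number
    return None

# Constructed rulebase mirroring the thread: a broad source-Any rule sits on top.
VPN_POOL = "192.0.2.0/24"                     # placeholder for vpn_pool
BLOCKED = frozenset({"Blocked Category"})     # placeholder URL category
R1 = Rule(1, "Content inspection", "0.0.0.0/0", frozenset(), "Accept")
R2 = Rule(2, "Remote access to Internet", VPN_POOL, frozenset(), "Accept")
R3 = Rule(3, "Block URL category", VPN_POOL, BLOCKED, "Block")
ORIGINAL = [R1, R2, R3]   # order that produced the symptom
FIXED = [R3, R1, R2]      # block rule moved above the broad rule

if __name__ == "__main__":
    print("original:", find_shadowed(ORIGINAL))
    print("fixed:   ", find_shadowed(FIXED))
```
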