Internet Access Options for Mobile VPN Users

For Mobile VPN with IPSec, Mobile VPN with SSL, and Mobile VPN with L2TP, you have two options for Internet access for your Mobile VPN users:

Force all client traffic through tunnel (default-route VPN)

The most secure option is to require that all remote user Internet traffic is routed through the VPN tunnel to the Firebox. Then, the traffic is sent back out to the Internet. With this configuration (known as default-route VPN), the Firebox is able to examine all traffic and provide increased security, although it uses more processing power and bandwidth.

Allow direct access to the Internet (split tunnel VPN)

Another configuration option is to enable split tunneling. With this option, your users can browse the Internet, but Internet traffic is not sent through the VPN tunnel. Split tunneling improves network performance, but decreases security because the policies you create are not applied to the Internet traffic. If you use split tunneling, we recommend that each client computer have a software firewall.

For Mobile VPN with IKEv2, only default-route VPN is supported.

For information about how to configure these options for each type of Mobile VPN, see:

• Options for Internet Access Through a Mobile VPN with IPSec Tunnel
• Options for Internet Access Through a Mobile VPN with SSL Tunnel
• Internet Access Through a Mobile VPN with L2TP Tunnel
• Internet Access Through a Mobile VPN with IKEv2 Tunnel

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Technical Search

© 2018 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, WatchGuard Dimension, Firebox, Core, Fireware, and LiveSecurity are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.