Route all Internet traffic through policy-based VPNs

You can force all traffic from VPN clients or clients in protected networks to be routed through a policy-based VPN.

Before you begin

You must have a working VPN between all gateways.

Routing all traffic from VPN clients or clients in protected networks through a policy-based VPN allows the traffic to be inspected centrally.

Steps

  1. Enable NAT for tunneled traffic in the Policy-Based VPN element’s properties.
  2. Change the mode of the central gateway’s sites in this policy-based VPN to Private and replace them with a Site element that contains the Any Network element. Disable the Any Network Site in other VPNs.
  3. Reconfigure the policy:
    1. Create Access rules.
    2. Create NAT rules that translate any private IP addresses to public addresses for the Internet.
  4. Redirect the traffic from external components to the central gateway as necessary.
    For VPN Gateways elements, add an Access rule that sends the allowed traffic to the VPN.
  5. (VPN Clients only) Configure the Virtual Adapter.