Tunnel All Mode - Setup
Hello,
I am configuring our SSL VPN (that currently works great) to Tunnel All Mode. This is a NIST requirement for our client.
I am reading the following articles -
https://help.sonicwall.com/help/sw/eng/6910/26/2/1/content/SSL_VPN_Client_Routes.089.3.html
My question is regarding the Network Object "WAN RemoteAccess Networks". It mentions it should be "a network address object whose value 0.0.0.0 acts like a default route".
In every written SonicWall tutorial this Network Object is already there, but on ours, it is not. So I figured no big deal, I'll just create one, but it gives me no other information about the type or zone that I should use.
My question to you wonderful people is: has anyone successfully set up SSL VPN in Tunnel All Mode? If so, can you please describe your "WAN Remote Access Network" network object to me, in detail? Also, did you have to add any NAT/firewall policies to get it to work? According to the above article, I shouldn't have to do anything besides add that Network Object "WAN Remote Access Networks" to the SSL VPN client settings page under Client Routes, and boom, it should work.
I do not want any suggestions regarding group VPN or other VPN configurations. We have something that works very well for our client; we just need to update the settings so it becomes compliant.
Thank you
Answers
@CValencia
Try the configuration below. I prepared this for another person, so maybe it will help you.
Step-1
Create an Address Object Group and add your LAN subnets and the SSL VPN IP pool/network (see the screenshot below).
Step-2
Add a Route Policy the same as the example below:
After applying the above Route Policy, the Access Rules created should be the same as below:
LAN to VPN
VPN to LAN
TZ300 (Remote Location) Configuration:
Step 1:
Create an Address Object Group and add your 2650 network and the SSL VPN IP pool/network (see the screenshot below).
Step 2:
Add a Route Policy for your 2650 and SSL VPN access.
After applying the above Route Policy, the Access Rules created should be the same as below:
LAN to VPN
VPN to LAN
Testing the Connection:
Make sure your user account has the privilege to access the 2650 network as well as the remote location network.
SSL VPN Client Routes:
Please let me know if it helps you or not.
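
The question turns on a 0.0.0.0 client route acting as the default route, so one way to confirm Tunnel All Mode from a connected client is to check which interface Internet-bound traffic would leave by. The following is an added example, not part of the thread or of SonicWall's documentation; it assumes the column layout of the Windows `route print` IPv4 table, and the route tables, the 192.168.200.0/24 SSL VPN pool and the function names are constructed for illustration.

```python
import ipaddress

# Constructed samples in the layout of the Windows `route print` IPv4 table.
# Assumed: 192.168.200.0/24 is the SSL VPN IP pool, 192.168.1.0/24 the home LAN.
SPLIT_TUNNEL = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
         10.0.0.0      255.255.0.0          On-link  192.168.200.10      2
      192.168.1.0    255.255.255.0          On-link    192.168.1.50    281
"""
TUNNEL_ALL = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
          0.0.0.0          0.0.0.0          On-link  192.168.200.10      2
         10.0.0.0      255.255.0.0          On-link  192.168.200.10      2
      192.168.1.0    255.255.255.0          On-link    192.168.1.50    281
"""

def parse_routes(text):
    """Return (network, interface_ip, metric) for every IPv4 route row."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue  # header (6 tokens) or unrelated line
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[1]}")
            routes.append((net, ipaddress.ip_address(cols[3]), int(cols[4])))
        except ValueError:
            continue  # malformed row
    return routes

def egress_interface(routes, dest):
    """Longest-prefix match, then lowest metric, as the OS would choose."""
    dest = ipaddress.ip_address(dest)
    hits = [r for r in routes if dest in r[0]]
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1] if hits else None

def is_tunnel_all(text, vpn_pool, probes=("1.1.1.1", "203.0.113.9")):
    """True only if every Internet-bound probe leaves via a VPN pool address."""
    pool = ipaddress.ip_network(vpn_pool)
    routes = parse_routes(text)
    for probe in probes:
        iface = egress_interface(routes, probe)
        if iface is None or iface not in pool:
            return False
    return True
```
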