How to route traffic from IPsec (Site-to-Site VPN) to the Internet
I have a requirement to route all traffic from a few branches to HQ or the IT center. Each branch has an IPsec site-to-site VPN to HQ, with split tunneling disabled. All traffic will be controlled/monitored by HQ before passing through to the Internet and/or some internal hosts. So I'd appreciate it if you could provide a solution for how to add the branch subnet routing and policy on the HQ firewall. Suppose the branch subnets are 192.168.10.0/24 and 192.168.11.0/24; the HQ subnets are 192.168.100.0-102.0/24. The HQ FW is running with HA and SonicOS 7. The HQ FW is connected to MPLS and ADSL links.