Tunnel all

We are trying to figure out how to set up a "tunnel all" configuration in Cloud Secure Edge Private Access. We need to access several external resources from our official IP address within our work network, which is currently managed by "tunnel all" in SSL-VPN. How can this be achieved using Cloud Secure Edge?

Category: Cloud Secure Edge

Answers

  • BWC Cybersecurity Overlord ✭✭✭

    I'm not experienced enough with CSE at the moment, but this should get you covered (hopefully).

    https://docs.banyansecurity.io/docs/banyan-labs/full-tunnel/

    https://www.sonicwall.com/support/knowledge-base/cse-getting-started-create-a-service-tunnel/240624112028920

    On the firewall side of things, you have to check how the packets are routed and set up NAT and Access Rules accordingly.

    —Michael@BWC

  • Espen_Langøy Newbie ✭

    Thanks for the input, BWC.
    Still no luck; SonicWall support is on the case, but so far they are not able to answer either.

  • BWC Cybersecurity Overlord ✭✭✭

    I'm intrigued to give this a try.

    Maybe I'll find some time at the weekend, because this is something I would need for my customers too when they decide to switch over to CSE.

    @David W are there any known issues that might keep this from working as intended?

    —Michael@BWC

  • David W SonicWall Employee

    @BWC @Espen_Langøy
    See the document link here.
    https://docs.banyansecurity.io/docs/banyan-labs/full-tunnel/

    David Wilbur

    Technical Support Senior Advisor, Premier Services, SME Email Security, Cloud Secure Edge

  • BWC Cybersecurity Overlord ✭✭✭

    @David W I already did a couple of posts ago. 😎

    In other words, it should work as documented, no major pitfalls?

    —Michael@BWC

  • David W SonicWall Employee

    @BWC It's pretty much what you see there, but like you said, the firewall is most likely to cause some headaches.

    David Wilbur

    Technical Support Senior Advisor, Premier Services, SME Email Security, Cloud Secure Edge

  • Espen_Langøy Newbie ✭

    The Service Tunnel is set up according to the documentation.
    However, traffic other than local networks is routed through CSE, and not the firewall.
    NAT and routing are problematic too, because the tunnel interface is not visible on the firewall.

  • David W SonicWall Employee

    @Espen_Langøy Tunnel all means all traffic, no matter what it is, will use the tunnel.
    If that is not what you were wanting, I suggest opening a case to work with a tech on this.

    David Wilbur

    Technical Support Senior Advisor, Premier Services, SME Email Security, Cloud Secure Edge

  • Espen_Langøy Newbie ✭

    @David W, that's what I am trying to achieve; the problem is that traffic to e.g. a public IP is not going through the service tunnel. It goes through the CSE network, but not through the firewall.
    A tech from SonicWall will look at it later today :)

  • BWC Cybersecurity Overlord ✭✭✭

    I created a Service Tunnel with a single public IP included, but when I crank up the Banyan App on my iPhone (and Windows) it only lists the internal networks in the Tunnel Details, not the public IPs.

    Any chance that this is related to the following, because it can't be enabled for integrated connectors on the Firewall?

    Public IPs & Increased Connector Limit

    Enables support for public IP addresses and allows more than 100 connectors per organization.

    (Linux Connector v1.18.4+ or a Virtual Appliance on 1.18.4-5000-R97+ required).

    —Michael

  • David W SonicWall Employee

    @BWC Did you use the firewall connector or did you use the latest Linux or OVA?
    The only ones supporting that right now are the Linux and the OVA.

    David Wilbur

    Technical Support Senior Advisor, Premier Services, SME Email Security, Cloud Secure Edge

  • BWC Cybersecurity Overlord ✭✭✭

    I tried with the embedded firewall connector, but the documentation mentioned

    Note:

     Full Tunnel is only supported for Private Edge deployments; it is not supported for Global Edge deployments.

    Is this information outdated, and should it work with the Linux connector even when Global Edge is in place? I have a Connector running as a Docker container on AWS which I could use for this.

    —Michael@BWC

  • David W SonicWall Employee

    @BWC Full tunnel will require a local Access Tier, not a connector, to work. I do not believe that the Access Tier is updated yet.

    David Wilbur

    Technical Support Senior Advisor, Premier Services, SME Email Security, Cloud Secure Edge
