I'm a system admin, and have also become the Network guy. This is okay: it's a small network. I'm still learning.
I have a PA-200, installed by a VAR, in a colocation rack. Rack is filled with windows and linux hosts.
I need to alter the VPN so that when my users in the office connect from their laptops, they can see the systems (ssh, rdp, https) in the rack, while at the same time being able to connect to the office printer, the internet, and so on.
Thanks in Advance,
The easy way is use a full tunnel (access route 0.0.0.0/0) and control the access to the host and internet using security policies.
From: specific_users to: DMZ Hosts_needed -> accept
From: All users to: Untrust ANY -> accept.
Also if you need both, you can follow the next guide.
Removed that value - and we're good.
I believe, now, that when the client PC logs into the VPN _all_ it's traffic is going to the colocation rack and using their internet. So I still need to set up the split tunnel per the above link.
And next up: the powers that be want to expand our use of the apps and services on the servers in that rack, so 'a client per machine' is now a legacy solution and I need to think about a dedicated VPN tunnel. Joy!
But I feel a lot better about this: thanks.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!