We have a customer with a few back office staff in the Philippines, and we need to get them around a geo-block on a particular website they need as part of their role. The customer has a split-tunnel SSL-VPN in the AWS Sydney Region, so we can route the traffic for that site via the SSL-VPN tunnel. It then traverses Australia instead of their home ISP in the Philippines, bypassing the geo-block.
First things first: we've contacted the site owner, and they're either refusing or unwilling to whitelist anything for us. So under Policy and Objects, we will create an Address Object that will hold the IP of the web host. Now that it is created, we will find the Firewall Policy that allows the VPN traffic into the firewall (the From or Source is usually the ssl.root or SSL VPN Interface) and add the address to the Destination as allowed. It should look something like the below.
The final piece of the puzzle is to add the route into the SSL-VPN. Under VPN > SSL-VPN Portals, find your SSL VPN Portal, click Edit, and then add the object to the Routing Address Override, so that once a client connects, a route is added to use the VPN for that IP address.
In the picture, you'll see a CMS Portal entry, which has the IP we entered earlier in the Address Object. Hit OK to save, and ask any connected users to reconnect to their VPN so the new route propagates correctly.