Full-Tunnel OpenVPN between Edge Threat Management NG Firewalls


A full-tunnel VPN connection forces all traffic which exits the client device across the VPN tunnel instead of using its own internet connection & gateway. This is useful for remote sites which you would like processed through a central NG Firewall, such as a small satellite office or branch.

Configuring Full-Tunnel

You are able to create a full-tunnel connection using OpenVPN by enabling the 'Full Tunnel' option in Group settings. Any client config file which belongs to this group will have the full-tunnel option added to its config file.

If you have updated this setting for an existing group, you must redownload & redeploy the client config file to each remote NG Firewall which is to use the full-tunnel configuration. Any existing tunnels will remain connected, but will only operate in split-tunnel mode until the client config file is replaced.

Connecting the Tunnel

Download your client config file from the NGFW in Apps > OpenVPN > Server > Remote Clients. For a site-to-site tunnel, be sure to select the ZIP file option.
On the remote NG Firewall, upload the ZIP file in Apps > OpenVPN > Client by clicking the 'Upload Remote Server Configuration File' button.
Your tunnel should connect automatically. Once it is active & passing traffic, all sessions that exit the remote NG Firewall will cross the tunnel to the server NG Firewall.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.

Powered by Zendesk