|
Question : Split Tunnel Concern
|
|
I have a Sonicwall Pro 4060 at our corporate office.
I have a couple Netgear VPN firewalls in a couple locations. I want to allow traffic to our corporate network, but I don't necessarily want the internet traffic on the remote locations to go through the vpn.
The remote locations have cable connections and are faster then our T1.
Should I be concerned about doing this? Or should I force all traffic through the VPN tunnels?
I am assuming that what I have right now is considered split tunnelling, but I am not sure of a descent way around this.
basically the vpn firewall connects to our Sonicwall, and the client pcs connect to the netgear directly. they use their cable connections for web surfing and downloads and what not, and the tunnel for remote desktop and file transfers from their work pcs...
all client pcs have antivirus and windows firewall turned on. and no interent connection sharing.
|
Answer : Split Tunnel Concern
|
|
This is a very typical setup with independent Internet connections with VPN tunnel back to HQ. It is, by definition, split-tunneled.
The risk is - how much do you trust your users? As long as there is one user that is willing to click on every link in every email, especially their personel email, then you will always have a problem with potential for malware running amok on your entire network. A classic example was a user I ran into when the Anna Kournakova virus hit. She kept clicking on the email attachment saying "look, it doesn't do anything when "I" click on it - watch - click....".... sigh....
|
|
|
|
|
