Full-Tunnel OpenVPN between Edge Threat Management NG Firewalls
If you have updated this setting for an existing group, you must redownload & redeploy the client config file to each remote NG Firewall which is to use the full-tunnel configuration. Any existing tunnels will remain connected, but will only operate in split-tunnel mode until the client config file is replaced.
Connecting the Tunnel
Download your client config file from the NGFW in Apps > OpenVPN > Server > Remote Clients. For a site-to-site tunnel, be sure to select the ZIP file option.
On the remote NG Firewall, upload the ZIP file in Apps > OpenVPN > Client by clicking the 'Upload Remote Server Configuration File' button.
Your tunnel should connect automatically. Once it is active & passing traffic, all sessions that exit the remote NG Firewall will cross the tunnel to the server NG Firewall.
Have more questions? Submit a request
Please sign in to leave a comment.
A full-tunnel VPN connection forces all traffic which exits the client device across the VPN tunnel instead of using its own internet connection & gateway. This is useful for remote sites which you would like processed through a central NG Firewall, such as a small satellite office or branch.
You are able to create a full-tunnel connection using OpenVPN by enabling the 'Full Tunnel' option in Group settings. Any client config file which belongs to this group will have the full-tunnel option added to its config file.