Using global tunnels to a central firewall to securely connect many remote sites

Article:TECH82386  |  Created: 2004-01-01  |  Updated: 2012-01-26  |  Article URL http://www.symantec.com/docs/TECH82386
Article Type
Technical Solution


Issue



You need a secure method of passing traffic between multiple sites. You have more than six sites that need to be able to communicate with each other. Your remote offices have Symantec Firewall/VPN appliances or Symantec Gateway Security 300 Series appliances. Because Symantec Firewall/VPN appliances and Symantec Gateway Security 300 Series appliances can only use five remote entities in a single tunnel and you don't want to make multiple site-to-site tunnels, you want to force all traffic between the sites through a tunnel to a central security gateway.


Solution



If you use Symantec Enterprise Firewall or a Symantec VelociRaptor or Symantec Gateway Security appliance at your central office, you can create a global tunnel from each site to your central site. This will cause all traffic from the remote sites to pass through your central security gateway and, from there, be routed to the appropriate destination.

For instructions for creating a global tunnel with your Symantec Firewall/VPN appliances or Symantec Gateway Security 300 Series or 400 Series appliances, read Symantec Knowledge Base article, How to create global tunnels with dynamic tunnels on the Symantec Firewall/VPN appliance.


Note: Global tunnels force all traffic through the tunnel. This means that traffic from your remote sites that is destined for the Internet must pass through your central security gateway. This may significantly increase the load on your central security gateway and increase the traffic through your tunnels.







Legacy ID



2004070113265154


Article URL http://www.symantec.com/docs/TECH82386


Terms of use for this information are found in Legal Notices