Hello all,

I am currently trying to setup one of these very nice Vigor boxes for one of my office sites. I have setup the LAN to LAN IPSEC Tunnel which connects just fine and allows me access back to the servers on the range I have specified on said LAN to LAN profile, however, I wish to push all internet traffic back down the tunnel so that my firewall on the other end handles all access to what they can and cannot do.

I wondered if someone would be able to point me in the right direction as I am a bit stumped.

Shouldn't you be putting in a proxy address in the group policy instead of doing it on the fire wall?

The computers that are on site are all Macs and not on the domain. So no group policy.

Is there a way to set the Internet traffic to use a proxy on the Draytek itself?

In that case you would need to create a firewall rule to block(unless further match) all HTTP/HTTPS traffic LAN >WAN and then an ALLOW rule for the same service with the destination address of the proxy server.
I take it you can change the scope on the MACS to they point to the proxy

Paladax wrote:
Is there a way to set the Internet traffic to use a proxy on the Draytek itself?

If the Draytek is doing the DHCP the you could change the GW to the other address/proxy

At the moment I have a little mini setup with just the draytek and a laptop while I nail down the settings before I send it on to site.

We have other sites that are using Pfsense firewalls and they manage to push the traffic back through the tunnel and through the Palo Alto Firewall. They spent a lot of money and time on the PA box and hence why they would rather use that for the firewall then the draytek.
And on those sites we don't have to set a proxy.

It is not so much using a proxy as telling the firewall on the site end to push all internet traffic through to the PA box. Plus, as some of these Macs/ Ipads will be personal use ones I can't go around setting up/removing proxies every time they take it somewhere other then the office.