How to prevent traffic to the Internet when the SSLVPN client is running

  • 3888892
  • 26-Jan-2007
  • 26-Apr-2012

Environment


Novell Access Management 3 SSLVPN Server

Situation

When the SSLVPN client is loaded, it gives users the ability to tunnel data going to applications on the private, protected network. All other traffic, destined for non-protected networks, continues to go out the public interface as normal. This setup is known as split tunneling.

Administrators may want to prevent access to public resources while the SSLVPN tunnel is running. This requires additional configuration.

Resolution

If the administrator needs this extra security, disable split tunneling in NAM by applying a traffic policy for the 0.0.0.0 network, which matches every destination address. With this catch-all policy in place, no packets destined for public addresses leave through the public interface while the tunnel is up.
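The effect of the catch-all policy can be illustrated with a small simulation of traffic-policy matching. This is an added example, not code from the NAM SSLVPN product: it models a policy as a destination network, network mask and action, and assumes most-specific-match semantics (the policy with the longest matching prefix wins) so that a private-network policy still takes precedence over the 0.0.0.0 catch-all. The action names "encrypt" and "deny", the 10.0.0.0/255.0.0.0 private network and the sample destination addresses are all constructed for the example; consult the product documentation for the actual policy ordering rules.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class TrafficPolicy:
    """One SSLVPN traffic policy (assumed shape: network, mask, action)."""
    network: str   # destination network, e.g. "10.0.0.0"
    netmask: str   # dotted network mask, e.g. "255.0.0.0"
    action: str    # "encrypt" = send through the tunnel, "deny" = drop

    def as_network(self) -> ipaddress.IPv4Network:
        # ipaddress accepts "network/dotted-mask"; strict=False tolerates host bits
        return ipaddress.ip_network(f"{self.network}/{self.netmask}", strict=False)


def classify(policies, dst: str) -> str:
    """Return the action applied to traffic for dst.

    Assumption of this example: the most specific matching policy wins.
    Traffic matching no policy is "public" and leaves via the normal interface
    (this is the split-tunnel path).
    """
    addr = ipaddress.ip_address(dst)
    best_len, best_action = -1, "public"
    for policy in policies:
        net = policy.as_network()
        if addr in net and net.prefixlen > best_len:
            best_len, best_action = net.prefixlen, policy.action
    return best_action


def classify_all(policies, destinations):
    """Map each destination to its action, for a quick side-by-side report."""
    return {dst: classify(policies, dst) for dst in destinations}


# Constructed policy sets: a split-tunnel configuration and the same
# configuration with the catch-all 0.0.0.0 policy added.
SPLIT_TUNNEL = [
    TrafficPolicy("10.0.0.0", "255.0.0.0", "encrypt"),   # protected network only
]
NO_SPLIT_TUNNEL = SPLIT_TUNNEL + [
    TrafficPolicy("0.0.0.0", "0.0.0.0", "deny"),        # matches everything else
]

# Constructed sample destinations: one private, two public (TEST-NET ranges).
SAMPLE_DESTINATIONS = ["10.1.2.3", "203.0.113.5", "198.51.100.20"]


if __name__ == "__main__":
    for name, policies in (("split tunnel", SPLIT_TUNNEL),
                           ("catch-all 0.0.0.0", NO_SPLIT_TUNNEL)):
        print(f"{name}: {classify_all(policies, SAMPLE_DESTINATIONS)}")
```

With only the private-network policy, the two public destinations are classified "public" and would go out the normal interface; adding the 0.0.0.0 policy leaves the private destination tunneled and the public ones denied.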

However, the current client can only tunnel traffic through the SSLVPN if the client itself processes the request. It does so only when

a) the request comes from a NEW process started after the SSLVPN client was brought up, and
b) the call was made through WINSOCK.

If the process was already running before the client started, or if the call is made through NetBIOS, MAPI or any other non-Winsock interface, the SSLVPN client will not intercept it and the traffic will not be redirected through the tunnel. In practice this means the 0.0.0.0 policy only blocks public traffic from applications launched after the client, so verify the configuration from a freshly started process (for example a new command prompt), and be aware that applications left open before the tunnel was established can still reach public addresses.