CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

#1 (permalink)
2007-12-05
elzilcho (Junior Member)
Default gateway on route all traffic through tunnel

Hopefully someone will know for sure, but I need some confirmation of a suspicion I have...

When the customer uses SecureClient and doesn't tick the "route all traffic through tunnel" option, he doesn't get a default gateway assigned.

When he does tick this option he is assigned a default gateway, which is always the first IP in the range of addresses from the pool.

e.g. 192.168.1.0/24 is the range; he gets 192.168.1.20 with a DG of 192.168.1.1

Is this a built-in feature of the firewall that it will allocate the first address in the range as the DG when "tunnel all" is ticked? I can't see anything configurable within the policy to this effect. Also, if this is the case, I imagine the firewall is intelligent enough to know not to assign the .1 address as the user's IP?
#2 (permalink)
2007-12-05
melipla (Senior Member)
Re: Default gateway on route all traffic through tunnel

Quote:
Originally Posted by elzilcho
Is this a built-in feature of the firewall that it will allocate the first address in the range as the DG when "tunnel all" is ticked? I can't see anything configurable within the policy to this effect. Also, if this is the case, I imagine the firewall is intelligent enough to know not to assign the .1 address as the user's IP?
The "route all traffic through the tunnel" option is also known as "Hub Mode". I've found that the default gateway IP may change, but will always be an IP from the OM pool. The .1 default route basically says to route all traffic to the firewall--it doesn't impact how the firewall routes it. So it doesn't matter if the .1 address is used by another client because when the firewall receives the encrypted packet, it will decrypt it and route it accordingly.
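A check built on the behaviour described in this thread, as an added example that is not part of either post: it reads a client's Windows `route print` output and reports whether the preferred default route points into the Office Mode pool (hub mode) or elsewhere (split tunnel). The route-table excerpts are constructed, the pool is the 192.168.1.0/24 from the question, and the function names are hypothetical.

```python
import ipaddress

# Constructed `route print` excerpts (Windows "Active Routes" columns:
# destination, netmask, gateway, interface, metric). Not from a real host.
HUB_MODE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.20       1
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.55      25
      192.168.1.0    255.255.255.0     192.168.1.20     192.168.1.20       1
"""
SPLIT_TUNNEL = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.55      25
      192.168.1.0    255.255.255.0     192.168.1.20     192.168.1.20       1
"""

def default_routes(route_print_text):
    """Return (metric, gateway, interface) for every 0.0.0.0/0 route."""
    found = []
    for line in route_print_text.splitlines():
        cols = line.split()
        if len(cols) == 5 and cols[0] == "0.0.0.0" and cols[1] == "0.0.0.0":
            try:
                found.append((int(cols[4]), cols[2], cols[3]))
            except ValueError:
                continue  # malformed row, metric is not a number
    return sorted(found)

def tunnel_mode(route_print_text, office_mode_pool):
    """Classify a client by where its preferred default route points."""
    pool = ipaddress.ip_network(office_mode_pool)
    routes = default_routes(route_print_text)
    if not routes:
        return "no default route"
    metric, gateway, interface = routes[0]  # lowest metric is preferred
    # Newer Windows versions can print "On-link" instead of a gateway IP;
    # fall back to the interface address the route is bound to.
    try:
        hop = ipaddress.ip_address(gateway)
    except ValueError:
        hop = ipaddress.ip_address(interface)
    return "hub mode" if hop in pool else "split tunnel"

if __name__ == "__main__":
    for name, text in (("HUB_MODE", HUB_MODE), ("SPLIT_TUNNEL", SPLIT_TUNNEL)):
        print(name, "->", tunnel_mode(text, "192.168.1.0/24"))
```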