How do I disable VPN passthrough? What are the benefits and drawbacks to disabling this function?
VPN passthrough is typically used on small office home office (SOHO) network gateway devices. This means that the gateway itself is not the termination point of the VPN, but rather a passive device allowing the VPN packets to pass through the firewall. Depending on the type of VPN, different protocols and ports are required to enable the VPN traffic. In the case of IPsec, the required ports are typically user datagram protocol (UDP) Port 500 for Internet key exchange (IKE) and Port 4500 for network address translation (NAT) traversal. On most systems, this feature can be enabled or disabled within the device’s configuration menu.
The benefit of disabling VPN passthrough is enhanced security by blocking open communication ports through the firewall that otherwise would be open and accessible. The drawback is that a user behind the gateway would not be able to establish a VPN connection, since the required VPN ports are blocked at the firewall. In particular, if an end user relies on a VPN connection for their home office, those ports should not be blocked.
Email your VPN-related questions to firstname.lastname@example.org
Dig Deeper on Network automation and intent-based networking
Related Q&A from Rainer Enders
Administrators don't have to worry about interoperability; integrated mobile application and device management is the best approach. Continue Reading
Ensuring that the client software itself is up to date is just one of many reasons why it's critical to oversee VPN clients. Continue Reading
To ensure mobile device security, VPN expert Rainer Enders explains that it is crucial to monitor changed states and block software modifications. Continue Reading