The SonicWall SSL-VPN 2000 is an impressive and feature-packed appliance. For the most part, I have no complaints (well, it would be nice if it worked on the iPhone or iPad, but this is a bigger issue…), but recently we ran into a rather annoying problem.
The SSL-VPN allows you to configure “bookmarks” that are links to your internal resources. Bookmarks can be Remote Desktop, FTP, VNC, and (among others) http and https. For intranet sites that support basic authentication, it will even push credentials.
All urls accessed through the vpn are rewritten something like: https://sslvpn/go/http://intranetsite/index.html. All URLs referenced within are rewritten as well. This works great until it doesn’t.
Say your intranet page has a link to google.com. The SSL-VPN will happily proxy all traffic through itself, rewriting the link to https://sslvpn/go/http://www.google.com.
Now say you had a link to some cloud-based application that doesn’t tolerate being proxied, and you have a problem.
As far as I can tell, SonicWall provides no option to disable rewriting for a specific bookmark. If you have purchased the Web Application Firewall addon, I believe you can setup exceptions, but I’m not even so sure about that. So… I had to try to figure it out myself.
One of the people who requested my workaround found that in his case there was a much simpler solution: If you simply need to create a bookmark to an external website, you can just configure the bookmark on the SSL-VPN as an “external website”. My workaround is for the case where you need the SSL-VPN to proxy an internal page, but that page has a link (or redirect) to an external page that gets mangled.