Forcing AV traffic outside of corporate VPN tunnels

  • Question

  • Hello All. I just got my enterprise deployment up and running in my lab and will be building this deployment out again in my production environment shortly. There is one major difference between the production environment and my lab.

    This difference is that we have over a dozen subnets from different offices connected by IPsec VPN tunnels. From what I understand, VPN and AV traffic do not mix very well, and I have read that generally this is resolved by creating internal DNS entries pointing to the public IP address of my AV services.

    I would like some clarification because the bit I have found on this does not quite cover my environment. I have a consolidated FQDN for my edge services due to limited public IP addresses (so sip.domain.com covers all traffic and services). In this case, do I still simply point internal DNS to SIP.domain.com? Or is there something else I do here to get the AV traffic flowing externally at all times?


    Monday, August 1, 2016 12:33 AM