Remote access is access to organizational information systems by users (or processes acting on behalf of users) communicating through external networks (e.g., the Internet). Remote access methods include, dial-up, broadband, and wireless. Virtual private networks (VPNs), when adequately provisioned with appropriate security controls, are considered internal networks, rather than a remote access method. The remote access server must forward traffic destined to the private network to the firewall interface inspecting all private network ingress traffic.
To allow traffic to u-turn, the firewall would have to be configured to NAT for the pool of remote client addresses on the outside interface (the same global address), as well as have a configuration statement to allow traffic to egress out the same interface in which the remote session terminates-most implementations do not allow this by default. If the firewall is configured to allow a u-turn, then there must be another firewall upstream to inspect this outbound traffic or the traffic must be forwarded (policy based routed) towards the firewall or applicable proxy to perform the stateful inspection. |