Thank you very much for your answers. I will ask our service provider next week if one of the two options is possible. ... View more

Thanks. This works. Will put this in my documentation 🙂   I testing with 3 users, and 2 GP's, 1 GP did work, the other didnt. Now i changed the setting you provided, and now both worked.    To be honest, it is strange :S ... View more

I've done something similar to this, but use it to get into the web interface of the upstream ISP router/modem/whatever  acts as the internet gateway for the MX/Z3 devices at our remote branches. At the remote site:   SD-WAN & Traffic Shaping -> Local Internet Breakout -> Create a rule that excludes TCP 80 (or TCP 443, or both) destined for 192.168.1.75 (or whatever the FritzBox's DHCP address is).   Then, remote into a workstation/server at the remote site - we use this as a proxy to connect to HTTP(S)://192.168.1.75. The host-specific (or subnet-specific) VPN Exclusion rule makes sure that the traffic targeting 192.168.1.75 on whatever ports we defined doesn't get wrapped up in the AutoVPN and dead-ended at your core. ... View more