We have a number of C2S (legacy) VPN users on BM3.8.

Management wants to restrict their Internet access so that they can only
access the Internet (web browsing) in the same manner as if they were in
the office via our BM proxy server with its rules. (We've had problems
with people playing a little too much.)

What is the best way to do that? Am I correct in that we want to check
the "Encrypt All Networks" checkbox in VPN configuration? Is htat what
would force them to access pages through our proxy? any better
suggestions? Thanks!