>If you're connecting to the internet, route to the internet. If you're connecting to "inside your enterprise network", route through the VPN.
Block-lists, traffic audit/volume, disallowed ports, protocol/packet inspection, mail scanning and archival (aka having a hint of how in-house data leaves your corporation)... enterprise stuff. You can do that on the endpoint, inside your "server farm", or both; most enterprises distrust endpoints (for good reason) and completely trust the internal infrastructure (often for not so good reasons).
I know we are in that HN bubble, but ~97% of enterprises don't work in IT but need lots of it.
>If you're talking about forced https interception,
No, I don't, but some companies absolutely want that (sometimes for good reasons).
But you can also argue that an endpoint firewall that is only allowed to connect to one external IP (the VPN gateway) is not a bad thing either.
If you ever work for something critical (finance/defense/insurance) you see 1000 points for securing/restricting the traffic (especially ports 80/443) of endpoints and one for the opposite (that grumpy dev/CEO who wants admin rights on his laptop and wants to use it "privately" too... btw, even worse with smartphones).
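The "endpoint firewall that may only talk to the VPN gateway" policy mentioned in the comment above, as an added example (not code from the thread or from any product it mentions). It prints an nftables ruleset for a Linux laptop: outbound traffic is dropped by default except to the gateway, through the tunnel interface, loopback, and the DHCP exchange needed to get an address at all. The gateway address 203.0.113.10, UDP port 51820 and interface name tun0 are assumptions; the gateway must be given as an IP literal because DNS is blocked until the tunnel is up.

```sh
#!/bin/sh
# Added example: an nftables "VPN kill switch" for a Linux endpoint.
# Assumed values: gateway 203.0.113.10, UDP 51820, tunnel interface tun0.

# Print the ruleset to stdout.
# Usage: vpn_only_ruleset <gateway-ipv4> <udp-port> <tunnel-interface>
vpn_only_ruleset() {
    gw="$1"; port="$2"; tun="$3"
    # The gateway must be a dotted-quad literal: name resolution does not
    # work before the tunnel exists, because DNS is blocked like everything else.
    if ! printf '%s\n' "$gw" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "gateway must be an IPv4 literal, got: $gw" >&2
        return 1
    fi
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric, got: $port" >&2; return 1 ;;
    esac
    [ -n "$tun" ] || { echo "tunnel interface name is empty" >&2; return 1; }
    cat <<EOF
flush ruleset
table inet vpn_only {
    chain output {
        type filter hook output priority 0; policy drop;
        oif lo accept
        # Everything inside the tunnel is allowed; the VPN's own
        # policy (full or split) decides what goes in there.
        oifname "$tun" accept
        ct state established,related accept
        # The only packets allowed to leave on the physical link:
        # the tunnel itself, and DHCP so the machine can get an address.
        ip daddr $gw udp dport $port accept
        udp sport 68 udp dport 67 accept
    }
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        iifname "$tun" accept
        ct state established,related accept
        udp sport 67 udp dport 68 accept
    }
}
EOF
}

# Load the ruleset into the kernel (needs root). Not run by default.
# Usage: apply_ruleset 203.0.113.10 51820 tun0
apply_ruleset() {
    vpn_only_ruleset "$@" | nft -f -
}
```

Note that this is the "everything through the VPN" variant the commenter describes, not the split-tunnel routing from the quoted reply: with this ruleset in place, a laptop with a dead tunnel has no internet at all, which is the point of a kill switch but also exactly what the other side of the argument objects to.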
This does not seem to agree with what you previously said: "VPNs were made so you can securely work inside your enterprise network"
If you're connecting to the internet, route to the internet. If you're connecting to "inside your enterprise network", route through the VPN.
>EnterpriseFirewall HTTPS
If you're talking about forced HTTPS interception, then it sounds like an excellent way to make something secure (HTTPS) insecure.