Limiting certain user access to remote desktop services outside of WAN with Sonicwall NSA?

Posted on 2011-10-26
Last Modified: 2012-05-12
Hi guys,

We've got a load of users that access the remote desktop systems from the LAN, WAN and also when some of them are away from the office in different countries.

We have a Sonicwall NSA 3500 at our Head Office. Is there a way that we can limit only some users from accessing the remote desktop services once they leave the office (i.e. when they're outside of the WAN)? Can Sonicwall link to Active Directory at all in order to refuse the connection of a user by account name in AD when they're outside of the WAN? Or anything along those lines which you experts believe would work better?

Thanks a lot,
Question by: Yashy

    Expert Comment

    I would set up a VPN and only allow access to the users that are OK to RDP. Or do users that you don't want to RDP need VPN access?

    Author Comment

    Well, I don't want to have a VPN. I want them to use the external IP address and log on with that. I can't stop those users' access during times they are logged onto the LAN or WAN. What I wanted to stop is when they got home and attempted access. Can it be done?

    Accepted Solution

    Most Sonicwall devices can link to Active Directory for security, auditing, and access control purposes. If I understand correctly, you only want to allow Remote Desktop access to certain users, and you only want these certain users to be able to initiate RDP when outside of your company's network? If this is the case, you can set up a rule on the Sonicwall device to allow RDP port 3398 for all IPs/networks, and add a rule to DENY 3398 from your company's internal subnet/network or specific IP addresses. I hope this helps. Let me know if you have more questions or I am in left field with this one. :)

    Author Comment

    Thanks dude. I'll give it a shot and reopen a post if need be :). Cheers.
