Remote access to network for external sales consultants

I am looking for advice on the best way to enable remote access for external sales to our network.

External sales guys currently own their own laptops, a range of  O/S, brands etc. They are not joined to our domain, they work independently with an email account only provided by the company.

Internal sales has requested that external sales have access to shared folder on our network for sales to login and update quotes etc.

What is the best way to enable this. I do not want to go down VPN route due to company not owning equipment, different o/s, no managment of Avirus etc, users have home o/s not business. Also the support and managment of this equipemnet.

Any suggesetions....?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Do you have a Windows Server?  If you have SBS 2008 or 2011, you can port-forward 443 to the server and they can access your internal web site externally.  Security won't be a big deal since they need to log in using their domain credentials (which, if they have email through your server, they have credentials).  Then they can easily pick shared folders and access the files like they are on the network.

I'm not sure about Windows Standard editions, since this is one of those SBS features, like Remote Web Workplace.

Let us know what type of server/routing equipment you have.
can a Sharepoint server for sharing documents possible? then you can have a website on Internet side which can be accessed by external and Internal users for sharing the required documents with specific permissions.
It may be system failure event log is disabled. you can enable it to get more information when the system crashes.

right click on Mycomputer and click on properties.
select advanced Tab
enable the "Write an event to the system log" under system failure.

You can disable Automatically Restart so that you can view the BSOD when system crashes. but this can delay the reboot of the system as this will require manual reboot.
Check Out How Miercom Evaluates Wi-Fi Security!

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom on how WatchGuard's Wi-Fi security stacks up against the competition plus a LIVE demo!

You could simply dedicate a computer on the network and enable remote desktop on it. Allowing the external sales guys to login using their credentials. However only one session will be allowed at a time unless using a server which is limitated at 2 if no additional terminal licences are purchased.
Gareth Tomlinson CISSPNetwork and Security ManagerCommented:
I'm sorry, but not deploying a firewall based VPN is a short sighted decision that WILL come back to haunt you.
exposing your Windows server to the internet is a disaster waiting to happen, no matter how you restrict the ports and keep up to date with patches.
Buy a Fortigate firewall (they are fairly cheap). Use the SSL VPN so people can connect from a web browser and don't need a client, and apply antivirus and malware scanning (on the Fortigate) to the connections.
You can even carry out endpoint checking for up to date antivirus running on the clients, I'm not sure if that applies to the SSL users though.
Ideally your shared drive would be on a DMZ server, and not on your LAN.
If you are on SBS 2008 or 2011, going with the above suggestion concerning the built in Sharepoint (Companyweb) and/or shared folder access both via Remote Web Workplace is the way to go. That is one of the reasons it exists.
You could load a teminal server and purchase licenses for the salespeople and this would be a fine solution as well.
VPN's can work just fine depending on the bandwidth available but I understand your apprehension.
Give us more info as to the current setup so we can better advise.
collie3Author Commented:

The current setup is as follows..

WebServer is offsite and hosted by host Ireland.
File Server is a windows 2003 SBS
We currently have a Fortinet 200B firewall, and a range of windows 2003 and windows 2008 SBS.

Remote access to a single PC would not work as there will be upto 10 people accessing this.

The SSL VPN connection on the Fortinet, I must research this option and see what the capabilites are?

Another option I was thinking of was FTP Server. Although they want to upload all quotes and a spreadsheet to be populated so a lot of manual work involved there....

My ideal solution would be
VPN's - Equipment owned and configured by company
A CRM System - Not just for this requirement, but basically the deparment is growing quite rapidly and they keep looking for quick fixes, they still dont know exactly what they want and have not documented exact requirements however in the meantime IT need to implement a solution.
Gareth Tomlinson CISSPNetwork and Security ManagerCommented:
The SSL is a free feature on the Fortigate, you have 2 options with it.
First is "tunnel mode", which effectively gives the remote user access to all the internal resources, but it is tricky to set up correctly.
Second is a "portal" mode, where you log in via web browser and then have "shortcuts" to web, FTP and terminal servers that you click on from the web page.
The setup is documented by Fortigate on the knowledgebase, basically set up users, add them to a user group for SSL VPN, set up SSL VPN, configure the portal by adding the bookmarks you want the users to have access to, create a firewall policy (and filter profile for A/V, malware, IDS) to allow SSL users access to the portal.
It works very well indeed.
You can also have users authenticating via LDAP or Radius, but that's more complex.

Uploading a shared spreadsheet is hard, as you may well end up with more than one person editing it at a time; Sharepoint stops this if you implement "check out", but it's not simple to set up Sharepoint.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Even with SBS2003, the Companyweb can be made avaiable remotely. Set port forwarding using port 444 to go to the Companyweb and set up an A record at your DNS host for
Use the documents section for the sales people to share docs.
Quick and easy, implement a SSL cert for added security instead of the self signed cert if you are concerned with it.
collie3Author Commented:
They have provided a final requirements list....

An excel spreadsheet with hyperlinks to quotes which are stored in a directory on our common drive on the internal LAN. Users need to be able to open the hyperlinks to view quotes. Each user must have a unique login and password and only access to their spreadsheet and quotes. A log of access is also required for each user.

This pretty much rules out sharepoing, webpage access, ftp, remote access on a single PC.

My only real option is VPN.?? I need to see if there is a way I can manage VPN's withough too much hassel or security implication using their own equipement.....

Unless anyone has any further recommendations.....
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.