Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Remote access to network for external sales consultants

Posted on 2012-04-02
Medium Priority
Last Modified: 2012-04-25
I am looking for advice on the best way to enable remote access for external sales to our network.

External sales guys currently own their own laptops, a range of  O/S, brands etc. They are not joined to our domain, they work independently with an email account only provided by the company.

Internal sales has requested that external sales have access to shared folder on our network for sales to login and update quotes etc.

What is the best way to enable this. I do not want to go down VPN route due to company not owning equipment, different o/s, no managment of Avirus etc, users have home o/s not business. Also the support and managment of this equipemnet.

Any suggesetions....?
Question by:collie3
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +3

Assisted Solution

netjon earned 500 total points
ID: 37796789
Do you have a Windows Server?  If you have SBS 2008 or 2011, you can port-forward 443 to the server and they can access your internal web site externally.  Security won't be a big deal since they need to log in using their domain credentials (which, if they have email through your server, they have credentials).  Then they can easily pick shared folders and access the files like they are on the network.

I'm not sure about Windows Standard editions, since this is one of those SBS features, like Remote Web Workplace.

Let us know what type of server/routing equipment you have.
LVL 17

Expert Comment

ID: 37796804
can a Sharepoint server for sharing documents possible? then you can have a website on Internet side which can be accessed by external and Internal users for sharing the required documents with specific permissions.
LVL 17

Expert Comment

ID: 37796824
It may be system failure event log is disabled. you can enable it to get more information when the system crashes.

right click on Mycomputer and click on properties.
select advanced Tab
enable the "Write an event to the system log" under system failure.

You can disable Automatically Restart so that you can view the BSOD when system crashes. but this can delay the reboot of the system as this will require manual reboot.
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.


Expert Comment

ID: 37796991
You could simply dedicate a computer on the network and enable remote desktop on it. Allowing the external sales guys to login using their credentials. However only one session will be allowed at a time unless using a server which is limitated at 2 if no additional terminal licences are purchased.

Assisted Solution

by:Gareth Tomlinson CISSP
Gareth Tomlinson CISSP earned 1000 total points
ID: 37800299
I'm sorry, but not deploying a firewall based VPN is a short sighted decision that WILL come back to haunt you.
exposing your Windows server to the internet is a disaster waiting to happen, no matter how you restrict the ports and keep up to date with patches.
Buy a Fortigate firewall (they are fairly cheap). Use the SSL VPN so people can connect from a web browser and don't need a client, and apply antivirus and malware scanning (on the Fortigate) to the connections.
You can even carry out endpoint checking for up to date antivirus running on the clients, I'm not sure if that applies to the SSL users though.
Ideally your shared drive would be on a DMZ server, and not on your LAN.

Assisted Solution

wtandrews earned 500 total points
ID: 37800845
If you are on SBS 2008 or 2011, going with the above suggestion concerning the built in Sharepoint (Companyweb) and/or shared folder access both via Remote Web Workplace is the way to go. That is one of the reasons it exists.
You could load a teminal server and purchase licenses for the salespeople and this would be a fine solution as well.
VPN's can work just fine depending on the bandwidth available but I understand your apprehension.
Give us more info as to the current setup so we can better advise.

Author Comment

ID: 37800986

The current setup is as follows..

WebServer is offsite and hosted by host Ireland.
File Server is a windows 2003 SBS
We currently have a Fortinet 200B firewall, and a range of windows 2003 and windows 2008 SBS.

Remote access to a single PC would not work as there will be upto 10 people accessing this.

The SSL VPN connection on the Fortinet, I must research this option and see what the capabilites are?

Another option I was thinking of was FTP Server. Although they want to upload all quotes and a spreadsheet to be populated so a lot of manual work involved there....

My ideal solution would be
VPN's - Equipment owned and configured by company
A CRM System - Not just for this requirement, but basically the deparment is growing quite rapidly and they keep looking for quick fixes, they still dont know exactly what they want and have not documented exact requirements however in the meantime IT need to implement a solution.

Accepted Solution

Gareth Tomlinson CISSP earned 1000 total points
ID: 37801046
The SSL is a free feature on the Fortigate, you have 2 options with it.
First is "tunnel mode", which effectively gives the remote user access to all the internal resources, but it is tricky to set up correctly.
Second is a "portal" mode, where you log in via web browser and then have "shortcuts" to web, FTP and terminal servers that you click on from the web page.
The setup is documented by Fortigate on the knowledgebase, basically set up users, add them to a user group for SSL VPN, set up SSL VPN, configure the portal by adding the bookmarks you want the users to have access to, create a firewall policy (and filter profile for A/V, malware, IDS) to allow SSL users access to the portal.
It works very well indeed.
You can also have users authenticating via LDAP or Radius, but that's more complex.

Uploading a shared spreadsheet is hard, as you may well end up with more than one person editing it at a time; Sharepoint stops this if you implement "check out", but it's not simple to set up Sharepoint.

Expert Comment

ID: 37801176
Even with SBS2003, the Companyweb can be made avaiable remotely. Set port forwarding using port 444 to go to the Companyweb and set up an A record at your DNS host for companyweb.companyname.com
Use the documents section for the sales people to share docs.
Quick and easy, implement a SSL cert for added security instead of the self signed cert if you are concerned with it.

Author Comment

ID: 37837836
They have provided a final requirements list....

An excel spreadsheet with hyperlinks to quotes which are stored in a directory on our common drive on the internal LAN. Users need to be able to open the hyperlinks to view quotes. Each user must have a unique login and password and only access to their spreadsheet and quotes. A log of access is also required for each user.

This pretty much rules out sharepoing, webpage access, ftp, remote access on a single PC.

My only real option is VPN.?? I need to see if there is a way I can manage VPN's withough too much hassel or security implication using their own equipement.....

Unless anyone has any further recommendations.....

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question