File server folder redirection server VPN users

I have domain controller that has  Folder redirection GPO policy to backup users's files in our LAN office but we have another office with another city so I am asking how can I setup VPN connection to that users so that they can connect to the domain controller folder redirection GPO policy to backup their files into the server ?

Who is Participating?
1.) Yes, sure. At least the appliances I know support all VPN, just have a look into the specification of your appliance, how many simultanous VPN clients are supported. Also you may investigate, if the Fortinet works with windows VPN client or if you have to install a dedicated Fortinet client on the client machine.  

The only lack of client to endpoint VPN is, that at the user has first to login to the OS and then to establish the VPN connection while a site to site connection is completely transparent (not realy visible) for the client. In case of client to endpoint VPN, you have to keep some policies into the scope:
Under computer - adm. templates - System - Group policy...
Group policy slow link detection (default 500 kbit)

The other policies may work by default, but maybe a point of fine tuning.
There are also some settings, how folder redirection is processed, you should have in mind, that folder redirection should usually happen, before the user desktop is loaded.

2.) In general yes. But as the Fortinet uses rules (like any other firewall) to decide, what is allowed and what not, you may have to add a rule, that VPN clients are allowed to connect to the internet. As the Fortinet is the endpoint of the VPN connection, the endpoint has to take care, that traffic from the VPN tunnel can be routed to the intranet / internet or wherever.
Just for clarification:
Is your question, how to setup the VPN connection or how folder redirection works via VPN connection?

For VPN connection at all, you can use a lot of endpoints for VPN, most routers provide it and even if a windows server (not a good idea for a DC) has a NIC in the public internet, it can act as RRAS server (role) , what provides a VPN endpoint. If you have a router, and want to handle windows as VPN endpoint, you have to set your router to VPN pass through (if provides).

If you have a server in your branch office, they can create a site-to-site VPN connection and traffice between the two servers are routet throug then VPN tunnel.

VPN clients act as they would be part of the local network. So they can work with most of the settings, which are provided on a remote network. The point with VPN is, that usually the client first logs in and then the VPN session is started. As policies (also folder redirection) are usualy snchronizied every 60-120 minutes by default, also the VPN client get these settings, but has to start his profile synchronisation later. This is another policy setting you can set, how the synchronisation is scheduled, i.e. at logon, logoff or during idle times etc. A second setting in the policies can be used, which bandwith is the minimum, that synchronisation can happen (this is to limit it, not to happen over slow connection).

For profile sync, a site to site VPN is better, as the line is up, before the computer starts and the user logs on. But even client to server VPN can work in your direction with some smaller changes in the policies.

So, a generic answer to a generic question first, you may ask what you want to know in detail.
fahad44Author Commented:
Thanks  for the descriptive answer.

I have Fortinet  Firewall that  has  interface that faces the public internet so  does the VPN will work  if I   configure the VPN on this fortinet with out using site to site VPN connection .

my other question is when the VPN clients is connected does the internet will work for that PC.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.