File server folder redirection server VPN users

Posted on 2012-09-13
Last Modified: 2012-10-12
I have domain controller that has  Folder redirection GPO policy to backup users's files in our LAN office but we have another office with another city so I am asking how can I setup VPN connection to that users so that they can connect to the domain controller folder redirection GPO policy to backup their files into the server ?

Question by:fahad44
    LVL 35

    Expert Comment

    Just for clarification:
    Is your question, how to setup the VPN connection or how folder redirection works via VPN connection?

    For VPN connection at all, you can use a lot of endpoints for VPN, most routers provide it and even if a windows server (not a good idea for a DC) has a NIC in the public internet, it can act as RRAS server (role) , what provides a VPN endpoint. If you have a router, and want to handle windows as VPN endpoint, you have to set your router to VPN pass through (if provides).

    If you have a server in your branch office, they can create a site-to-site VPN connection and traffice between the two servers are routet throug then VPN tunnel.

    VPN clients act as they would be part of the local network. So they can work with most of the settings, which are provided on a remote network. The point with VPN is, that usually the client first logs in and then the VPN session is started. As policies (also folder redirection) are usualy snchronizied every 60-120 minutes by default, also the VPN client get these settings, but has to start his profile synchronisation later. This is another policy setting you can set, how the synchronisation is scheduled, i.e. at logon, logoff or during idle times etc. A second setting in the policies can be used, which bandwith is the minimum, that synchronisation can happen (this is to limit it, not to happen over slow connection).

    For profile sync, a site to site VPN is better, as the line is up, before the computer starts and the user logs on. But even client to server VPN can work in your direction with some smaller changes in the policies.

    So, a generic answer to a generic question first, you may ask what you want to know in detail.
    LVL 1

    Author Comment

    Thanks  for the descriptive answer.

    I have Fortinet  Firewall that  has  interface that faces the public internet so  does the VPN will work  if I   configure the VPN on this fortinet with out using site to site VPN connection .

    my other question is when the VPN clients is connected does the internet will work for that PC.
    LVL 35

    Accepted Solution

    1.) Yes, sure. At least the appliances I know support all VPN, just have a look into the specification of your appliance, how many simultanous VPN clients are supported. Also you may investigate, if the Fortinet works with windows VPN client or if you have to install a dedicated Fortinet client on the client machine.  

    The only lack of client to endpoint VPN is, that at the user has first to login to the OS and then to establish the VPN connection while a site to site connection is completely transparent (not realy visible) for the client. In case of client to endpoint VPN, you have to keep some policies into the scope:
    Under computer - adm. templates - System - Group policy...
    Group policy slow link detection (default 500 kbit)

    The other policies may work by default, but maybe a point of fine tuning.
    There are also some settings, how folder redirection is processed, you should have in mind, that folder redirection should usually happen, before the user desktop is loaded.

    2.) In general yes. But as the Fortinet uses rules (like any other firewall) to decide, what is allowed and what not, you may have to add a rule, that VPN clients are allowed to connect to the internet. As the Fortinet is the endpoint of the VPN connection, the endpoint has to take care, that traffic from the VPN tunnel can be routed to the intranet / internet or wherever.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
    I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
    This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
    This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now