File server folder redirection server VPN users

Posted on 2012-09-13
Medium Priority
Last Modified: 2012-10-12
I have domain controller that has  Folder redirection GPO policy to backup users's files in our LAN office but we have another office with another city so I am asking how can I setup VPN connection to that users so that they can connect to the domain controller folder redirection GPO policy to backup their files into the server ?

Question by:fahad44
  • 2
LVL 35

Expert Comment

ID: 38427045
Just for clarification:
Is your question, how to setup the VPN connection or how folder redirection works via VPN connection?

For VPN connection at all, you can use a lot of endpoints for VPN, most routers provide it and even if a windows server (not a good idea for a DC) has a NIC in the public internet, it can act as RRAS server (role) , what provides a VPN endpoint. If you have a router, and want to handle windows as VPN endpoint, you have to set your router to VPN pass through (if provides).

If you have a server in your branch office, they can create a site-to-site VPN connection and traffice between the two servers are routet throug then VPN tunnel.

VPN clients act as they would be part of the local network. So they can work with most of the settings, which are provided on a remote network. The point with VPN is, that usually the client first logs in and then the VPN session is started. As policies (also folder redirection) are usualy snchronizied every 60-120 minutes by default, also the VPN client get these settings, but has to start his profile synchronisation later. This is another policy setting you can set, how the synchronisation is scheduled, i.e. at logon, logoff or during idle times etc. A second setting in the policies can be used, which bandwith is the minimum, that synchronisation can happen (this is to limit it, not to happen over slow connection).

For profile sync, a site to site VPN is better, as the line is up, before the computer starts and the user logs on. But even client to server VPN can work in your direction with some smaller changes in the policies.

So, a generic answer to a generic question first, you may ask what you want to know in detail.

Author Comment

ID: 38427585
Thanks  for the descriptive answer.

I have Fortinet  Firewall that  has  interface that faces the public internet so  does the VPN will work  if I   configure the VPN on this fortinet with out using site to site VPN connection .

my other question is when the VPN clients is connected does the internet will work for that PC.
LVL 35

Accepted Solution

Bembi earned 1500 total points
ID: 38429967
1.) Yes, sure. At least the appliances I know support all VPN, just have a look into the specification of your appliance, how many simultanous VPN clients are supported. Also you may investigate, if the Fortinet works with windows VPN client or if you have to install a dedicated Fortinet client on the client machine.  

The only lack of client to endpoint VPN is, that at the user has first to login to the OS and then to establish the VPN connection while a site to site connection is completely transparent (not realy visible) for the client. In case of client to endpoint VPN, you have to keep some policies into the scope:
Under computer - adm. templates - System - Group policy...
Group policy slow link detection (default 500 kbit)

The other policies may work by default, but maybe a point of fine tuning.
There are also some settings, how folder redirection is processed, you should have in mind, that folder redirection should usually happen, before the user desktop is loaded.

2.) In general yes. But as the Fortinet uses rules (like any other firewall) to decide, what is allowed and what not, you may have to add a rule, that VPN clients are allowed to connect to the internet. As the Fortinet is the endpoint of the VPN connection, the endpoint has to take care, that traffic from the VPN tunnel can be routed to the intranet / internet or wherever.

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses
Course of the Month16 days, 9 hours left to enroll

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question