Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How Does this happen?  Remote Desktop MSTSC connects to SonicWall WAN address and then straight to our Terminal Server

Posted on 2014-02-07
4
Medium Priority
?
388 Views
Last Modified: 2014-02-10
We have a SonicWall TZ210, a Domain, a LAN with a Terminal Server and all works rather well.

Recently we distributed some laptops to our field staff and I installed SonicWall GVPN clients so they could log in to the SonicWall, authenticate as a SonicWall user, get a virtual local IP and run MSTSC to access our Terminal Server.
All that works PERFECTLY.

A few weeks later to my GREAT SURPRISE the notebook users tell me they no longer use the GVPN client because they can type in the WAN Address of the SonicWall ( which they read from the gvpn setup) IN  MSTSC and it then simply prompts for their Domain user credentials and pops them right into the Terminal Server.

While I am not a complete newbie to SonicWalls ( I support 5 of them around town) I was surprised and would like some more experienced SonicWall users to comment or give me some insight as to what is allowing this to happen.
0
Comment
Question by:azpete
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 26

Expert Comment

by:Soulja
ID: 39842718
Is the FW port forwarding to the terminal server? That what it sounds like it is doing.
0
 

Author Comment

by:azpete
ID: 39842796
Yes, I just spoke with the IT person who first setup the Sonicwall and he informed me that originally they did that for convenience of a vendor.  
I can look at where that happens in the FW but it does appear to be one step LESS secure.
Agreed ?
0
 
LVL 26

Accepted Solution

by:
Soulja earned 2000 total points
ID: 39842814
Yes, it is one step less secure. I would always require the users to VPN into the network first and then remote to a server from there. I even use this same design for my home network. Minimum ports open from the external side.
0
 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39847011
Hi azpete,

Agreed. Even if you lock down the Source IPs you are still susceptible to man-in-the-middle attacks. With VPN access for your vendors you can then terminate access whenever, explicitly control what they have access to and even setup a schedule to allow access only at specific times.

Let me know if you have any other questions!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question