Solved

How Does this happen?  Remote Desktop MSTSC connects to SonicWall WAN address and then straight to our Terminal Server

Posted on 2014-02-07
4
383 Views
Last Modified: 2014-02-10
We have a SonicWall TZ210, a Domain, a LAN with a Terminal Server and all works rather well.

Recently we distributed some laptops to our field staff and I installed SonicWall GVPN clients so they could log in to the SonicWall, authenticate as a SonicWall user, get a virtual local IP and run MSTSC to access our Terminal Server.
All that works PERFECTLY.

A few weeks later to my GREAT SURPRISE the notebook users tell me they no longer use the GVPN client because they can type in the WAN Address of the SonicWall ( which they read from the gvpn setup) IN  MSTSC and it then simply prompts for their Domain user credentials and pops them right into the Terminal Server.

While I am not a complete newbie to SonicWalls ( I support 5 of them around town) I was surprised and would like some more experienced SonicWall users to comment or give me some insight as to what is allowing this to happen.
0
Comment
Question by:azpete
  • 2
4 Comments
 
LVL 26

Expert Comment

by:Soulja
ID: 39842718
Is the FW port forwarding to the terminal server? That what it sounds like it is doing.
0
 

Author Comment

by:azpete
ID: 39842796
Yes, I just spoke with the IT person who first setup the Sonicwall and he informed me that originally they did that for convenience of a vendor.  
I can look at where that happens in the FW but it does appear to be one step LESS secure.
Agreed ?
0
 
LVL 26

Accepted Solution

by:
Soulja earned 500 total points
ID: 39842814
Yes, it is one step less secure. I would always require the users to VPN into the network first and then remote to a server from there. I even use this same design for my home network. Minimum ports open from the external side.
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39847011
Hi azpete,

Agreed. Even if you lock down the Source IPs you are still susceptible to man-in-the-middle attacks. With VPN access for your vendors you can then terminate access whenever, explicitly control what they have access to and even setup a schedule to allow access only at specific times.

Let me know if you have any other questions!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Confused about VPN connection and private IP addresses..?? 5 67
AWS Design\Cisco Meraki 4 34
Sonicwall guest user accounts 2 21
ASA 5505 packet drops 14 43
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question