Restrict Access to server shares via Sonicwall VPN

Treacher
Dear Experts,

I have a group of users who, while in the office, can access three shares on one of our file servers. There is now a call for working remotely via VPN, but I only want them to be able to access one of the shares on the server. Can I block certain shares on the same server for remote users?

Sonicwall NSA3500 (Latest Firmware)

File server Server 2008 r2

Domain servers 2008r2 (2003 functional level)

Many Thanks,

Commented:
I highly doubt it will be possible to enforce a block on certain shares while allowing others for VPN users. Potentially (depending on what the users are doing with the files remotely) you could allow offline access on the folder you would like them to be able to update remotely. When the user connects to the domain again the changes will sync. Alternatively you could block access to the file server through the VPN, make a new file server and host the share on the new file server, then grant access through the VPN to the new file server.
btan, Exec Consultant
Distinguished Expert 2018
Commented:
The Sonicwall help for the SSL appliance states that local user or local group access policies can define the share path for more granular control.
However, as a whole, their table states that application support for Global/Group/User Policies is not supported under "File Share (CIFS/SMB)". This may need more confirmation from the Sonicwall support side.
Top Expert 2016
Commented:
The VPN appliance controls access to your network. Once on the network, SMB and NTFS control permissions to access items on the network, which means that if userA connects locally and has access to x, y, z shares, this user will also have access to x, y, z shares through the VPN, since they will be de facto local users. The VPN users must use a different user account when logging in remotely to have different permissions.
btan, Exec Consultant
Distinguished Expert 2018
Commented:
In fact, if the SSL VPN user has access to the folder share, with the provided link configured in the user access policy, it is back to the match against authenticated SSL VPN users in accordance with their domain permissions on the configured NT file shares.

You may explore the file share at the server end for permissions too, since there is only one server per se to handle the permission and a box to handle the VPN restriction only. It is better since the target server retains that final permission instead of depending on the perimeter box, which can be changed/switched out etc., and also for consistency against the user identity.

The admin guide may be handy:
http://www.sonicwall.com/downloads/SonicWALL_SSL_VPN_Administrators_Guide.pdf
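
The comments above put the final decision at the file server: share and NTFS permissions, evaluated per account, decide what a VPN user can open. As an added example (not from any commenter), this PowerShell 2.0-compatible audit reports which disk shares a separate remote-only group can reach. `FILESRV01`, `CONTOSO\vpn-remote-users` and `RemoteShare` are hypothetical names; the script matches allow entries by name only and does not expand nested groups or evaluate deny entries.

```powershell
# Added example. FILESRV01, CONTOSO\vpn-remote-users and RemoteShare are hypothetical.
$Server       = 'FILESRV01'
$RemoteGroup  = 'CONTOSO\vpn-remote-users'  # holds the separate remote-only accounts
$AllowedShare = 'RemoteShare'               # the one share remote users may open
# Broad principals that would also admit the remote accounts
$Principals   = @($RemoteGroup, 'Everyone', 'NT AUTHORITY\Authenticated Users',
                  'BUILTIN\Users', 'CONTOSO\Domain Users')

# Type 0 = ordinary disk shares; administrative shares (C$, ADMIN$) are excluded
$shares = Get-WmiObject -Class Win32_Share -ComputerName $Server -Filter 'Type = 0'

foreach ($share in $shares) {
    # Share-level permissions: collect allow ACEs (AceType 0) for the principals above
    $shareHits = @()
    $sec = Get-WmiObject -Class Win32_LogicalShareSecuritySetting `
               -ComputerName $Server -Filter "Name = '$($share.Name)'"
    if ($sec) {
        foreach ($ace in $sec.GetSecurityDescriptor().Descriptor.DACL) {
            $name = $ace.Trustee.Name
            if ($ace.Trustee.Domain) { $name = '{0}\{1}' -f $ace.Trustee.Domain, $name }
            if ($ace.AceType -eq 0 -and $Principals -contains $name) { $shareHits += $name }
        }
    }

    # NTFS permissions on the share root, read over the UNC path
    $ntfsHits = @()
    $acl = Get-Acl -Path ('\\{0}\{1}' -f $Server, $share.Name)
    foreach ($rule in $acl.Access) {
        $id = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $Principals -contains $id) { $ntfsHits += $id }
    }

    # Access needs an allow at both layers; flag it on any share other than the allowed one
    $finding = 'ok'
    if ($shareHits.Count -gt 0 -and $ntfsHits.Count -gt 0 -and $share.Name -ne $AllowedShare) {
        $finding = 'REVIEW'
    }
    New-Object PSObject -Property @{
        Share      = $share.Name
        ShareAllow = ($shareHits -join ', ')
        NtfsAllow  = ($ntfsHits -join ', ')
        Finding    = $finding
    }
}
```

A `REVIEW` row means the remote-only group, or a broad principal that includes it, is allowed at both the share and NTFS layer on a share other than the intended one.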