Solved

Restrict Access to server shares via Sonicwall VPN

Posted on 2014-11-09
4
397 Views
Last Modified: 2014-12-05
Dear Experts,

I have a group of users whom while in the office can access three shares on one of our files servers. There is now a call for working remotely via VPN but I only what them to be able to access one of the shares on the server. Can I block certain shares on the same server for remote users????

Sonicwall NSA3500 (Latest Firmware)

File server Server 2008 r2

Domain servers 2008r2 (2003 functional level)

Many Thanks,
0
Comment
Question by:Treacher
  • 2
4 Comments
 
LVL 13

Expert Comment

by:SagiEDoc
ID: 40432189
I highly doubt it will be possible to enforce a block on certain shares while allowing others for VPN users. Potentially (depending on what the users are doing with the files remotely) you could allow offline access on the folder you would like them to be able to update remotely. When the user connects to the domain again the changes will sync. Alternatively you could block access to the file server through the VPN, make a new file server and host the share on the new file server, then grant access through the VPN to the new file server.
0
 
LVL 62

Assisted Solution

by:btan
btan earned 334 total points
ID: 40432477
From Sonicwall help for SSL appliance, it stated local user or local group access policies can define the share path for more granular control
However, as a whole in their tbl, it stated application support for Global/Group/User Policies is not supported under "File Share (CIFS/SMB)". This may need more confirmation from the sonicwall support side
0
 
LVL 79

Accepted Solution

by:
David Johnson, CD, MVP earned 166 total points
ID: 40433090
the vpn appliance controls access to your network, once on the network smb and ntfs control permissions to access items on the network which means that if userA connects locally and has access to x,y,z shares this user will also have access to x,y,z shares through the vpn since they will be in defacto  local users.  The vpn users must use a different user account when logging in remotely to have different permissions.
0
 
LVL 62

Assisted Solution

by:btan
btan earned 334 total points
ID: 40434050
in fact if the ssl vpn user has access to the folder share, with provided link configured in the user access policy it is back to the match against authenticated ssl vpn users in accordance to their domain permission of the configured NT file shares.

May explore the file share at the server end for permission too since there is only one server per se to handle the permission and box to handle to allow vpn restriction only. it is better since the target server retain that final permission instead of depending on the perimeter box which can be changed/switched out etc and also for consistency against the user identity

the admin guide may be handy
http://www.sonicwall.com/downloads/SonicWALL_SSL_VPN_Administrators_Guide.pdf
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question