Solved

Restrict Access to server shares via Sonicwall VPN

Posted on 2014-11-09
Last Modified: 2014-12-05
Dear Experts,

I have a group of users who, while in the office, can access three shares on one of our file servers. There is now a call for working remotely via VPN, but I only want them to be able to access one of the shares on the server. Can I block certain shares on the same server for remote users?

Sonicwall NSA3500 (Latest Firmware)

File server Server 2008 r2

Domain servers 2008r2 (2003 functional level)

Many Thanks,
Question by:Treacher

Expert Comment

by:SagiEDoc
I highly doubt it will be possible to enforce a block on certain shares while allowing others for VPN users. Potentially (depending on what the users are doing with the files remotely) you could allow offline access on the folder you would like them to be able to update remotely. When the user connects to the domain again the changes will sync. Alternatively you could block access to the file server through the VPN, make a new file server and host the share on the new file server, then grant access through the VPN to the new file server.

Assisted Solution

by:btan
btan earned 334 total points
From the Sonicwall help for the SSL appliance, it stated that local user or local group access policies can define the share path for more granular control.
However, as a whole, in their table it stated that application support for Global/Group/User Policies is not supported under "File Share (CIFS/SMB)". This may need more confirmation from the Sonicwall support side.

Accepted Solution

by:
David Johnson, CD, MVP earned 166 total points
The VPN appliance controls access to your network; once on the network, SMB and NTFS control permissions to access items on the network, which means that if userA connects locally and has access to x, y, z shares, this user will also have access to x, y, z shares through the VPN, since they will be de facto local users. The VPN users must use a different user account when logging in remotely to have different permissions.

Assisted Solution

by:btan
btan earned 334 total points
In fact, if the SSL VPN user has access to the folder share, with the provided link configured in the user access policy, it is back to the match against authenticated SSL VPN users in accordance with their domain permission of the configured NT file shares.

May explore the file share at the server end for permission too, since there is only one server per se to handle the permission and box to handle to allow VPN restriction only. It is better since the target server retains that final permission instead of depending on the perimeter box, which can be changed/switched out etc., and also for consistency against the user identity.

The admin guide may be handy:
http://www.sonicwall.com/downloads/SonicWALL_SSL_VPN_Administrators_Guide.pdf
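
The server-side approach from the accepted answer and the last reply (separate remote-login accounts, with NTFS permissions on the file server deciding which share folders they reach), as an added example that is not part of the original thread. The domain, group name and folder paths are hypothetical placeholders, and it assumes the separate remote accounts are already members of that group.

```powershell
# Added example. All names below are hypothetical placeholders.
$remoteGroup = 'CORP\VPN-Remote-Users'      # group holding the separate remote-login accounts
$allowedPath = 'D:\Shares\Projects'         # folder behind the one share remote users may use
$blockedPaths = 'D:\Shares\Finance', 'D:\Shares\HR'   # folders behind the other two shares

# Fail early if a path is wrong, so no ACL is half-applied.
foreach ($path in @($allowedPath) + $blockedPaths) {
    if (-not (Test-Path -LiteralPath $path -PathType Container)) {
        throw "Folder not found: $path"
    }
}

# Grant Modify on the permitted folder; (OI)(CI) makes files and subfolders inherit it.
icacls $allowedPath /grant "${remoteGroup}:(OI)(CI)M"
if ($LASTEXITCODE -ne 0) { throw "icacls /grant failed on $allowedPath" }

# Explicit deny on the other folders. An explicit deny ACE takes precedence over
# allow ACEs, so it still applies if a remote account picks up access through
# another group (for example Domain Users).
foreach ($path in $blockedPaths) {
    icacls $path /deny "${remoteGroup}:(OI)(CI)F"
    if ($LASTEXITCODE -ne 0) { throw "icacls /deny failed on $path" }
}

# Verify: list the ACEs that now reference the remote group on each folder.
foreach ($path in @($allowedPath) + $blockedPaths) {
    $aces = (Get-Acl -LiteralPath $path).Access |
        Where-Object { $_.IdentityReference.Value -eq $remoteGroup }
    if (-not $aces) {
        Write-Warning "No ACE for $remoteGroup on $path"
        continue
    }
    $aces | Select-Object @{ Name = 'Path'; Expression = { $path } },
        AccessControlType, FileSystemRights, InheritanceFlags
}
```

Because the permissions follow the account and not the connection, the office accounts must stay out of the remote group, and the remote accounts are the only ones allowed to authenticate to the VPN.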