Solved

Restrict Access to server shares via Sonicwall VPN

Posted on 2014-11-09
Last Modified: 2014-12-05
Dear Experts,

I have a group of users who, while in the office, can access three shares on one of our file servers. There is now a call for working remotely via VPN, but I only want them to be able to access one of the shares on the server. Can I block certain shares on the same server for remote users?

Sonicwall NSA3500 (Latest Firmware)

File server Server 2008 r2

Domain servers 2008r2 (2003 functional level)

Many Thanks,
0
Question by:Treacher
4 Comments
 
LVL 13

Expert Comment

by:SagiEDoc
ID: 40432189
I highly doubt it will be possible to enforce a block on certain shares while allowing others for VPN users. Potentially (depending on what the users are doing with the files remotely) you could allow offline access on the folder you would like them to be able to update remotely. When the user connects to the domain again the changes will sync. Alternatively you could block access to the file server through the VPN, make a new file server and host the share on the new file server, then grant access through the VPN to the new file server.
0
 
LVL 64

Assisted Solution

by:btan
btan earned 334 total points
ID: 40432477
From the Sonicwall help for the SSL appliance, it states that local user or local group access policies can define the share path for more granular control.
However, as a whole, in their table it states that application support for Global/Group/User Policies is not supported under "File Share (CIFS/SMB)". This may need more confirmation from the Sonicwall support side.
0
 
LVL 81

Accepted Solution

by:
David Johnson, CD, MVP earned 166 total points
ID: 40433090
The VPN appliance controls access to your network. Once on the network, SMB and NTFS control permissions to access items on the network, which means that if userA connects locally and has access to x, y, z shares, this user will also have access to x, y, z shares through the VPN, since they will be de facto local users. The VPN users must use a different user account when logging in remotely to have different permissions.
0
 
LVL 64

Assisted Solution

by:btan
btan earned 334 total points
ID: 40434050
In fact, if the SSL VPN user has access to the folder share, with the provided link configured in the user access policy, it is back to the match against authenticated SSL VPN users in accordance with their domain permission of the configured NT file shares.

You may explore the file share at the server end for permission too, since there is only one server per se to handle the permission, and the box to handle allowing the VPN restriction only. It is better since the target server retains that final permission instead of depending on the perimeter box, which can be changed/switched out etc., and also for consistency against the user identity.

The admin guide may be handy:
http://www.sonicwall.com/downloads/SonicWALL_SSL_VPN_Administrators_Guide.pdf
0
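The approach the answers above converge on (separate accounts for remote logins, with the restriction enforced by permissions on the file server itself) could be applied to the NTFS ACLs as follows. This is an added example, not part of the original thread; the domain `CORP`, the group `VPN-Remote-Users` and the three folder paths are hypothetical placeholders, and the dedicated remote accounts are assumed to already exist in that group.

```powershell
# Added example, not from the thread. All names below are hypothetical.
# Run elevated on the file server (works with PowerShell 2.0 on Server 2008 R2).
$remoteGroup = 'CORP\VPN-Remote-Users'         # group holding the remote-only accounts
$allowedPath = 'D:\Shares\Projects'            # the one share remote users may use
$blockedPaths = 'D:\Shares\Finance', 'D:\Shares\HR'

# Grant Modify on the permitted share, inherited by subfolders and files.
icacls $allowedPath /grant "${remoteGroup}:(OI)(CI)M"

# Explicit deny on the other shares. Without it, a remote account could still
# get in through a broad grant such as Domain Users or Authenticated Users.
# Deny wins over allow, so keep office accounts out of this group.
foreach ($path in $blockedPaths) {
    icacls $path /deny "${remoteGroup}:(OI)(CI)F"
}

# Verify: list every ACE that names the remote group on all three folders.
foreach ($path in @($allowedPath) + $blockedPaths) {
    $aces = (Get-Acl $path).Access |
        Where-Object { $_.IdentityReference.Value -eq $remoteGroup }
    if (-not $aces) {
        Write-Warning "No ACE for $remoteGroup on $path"
        continue
    }
    foreach ($ace in $aces) {
        '{0,-22} {1,-6} {2}' -f $path, $ace.AccessControlType, $ace.FileSystemRights
    }
}
```

The expected result is one `Allow` entry on the permitted folder and one `Deny` entry on each of the others; share-level permissions still apply on top of these NTFS ACLs, and the more restrictive of the two wins.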
