Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 684
  • Last Modified:

Restrict Access to server shares via Sonicwall VPN

Dear Experts,

I have a group of users whom while in the office can access three shares on one of our files servers. There is now a call for working remotely via VPN but I only what them to be able to access one of the shares on the server. Can I block certain shares on the same server for remote users????

Sonicwall NSA3500 (Latest Firmware)

File server Server 2008 r2

Domain servers 2008r2 (2003 functional level)

Many Thanks,
0
Treacher
Asked:
Treacher
  • 2
3 Solutions
 
SagiEDocCommented:
I highly doubt it will be possible to enforce a block on certain shares while allowing others for VPN users. Potentially (depending on what the users are doing with the files remotely) you could allow offline access on the folder you would like them to be able to update remotely. When the user connects to the domain again the changes will sync. Alternatively you could block access to the file server through the VPN, make a new file server and host the share on the new file server, then grant access through the VPN to the new file server.
0
 
btanExec ConsultantCommented:
From Sonicwall help for SSL appliance, it stated local user or local group access policies can define the share path for more granular control
However, as a whole in their tbl, it stated application support for Global/Group/User Policies is not supported under "File Share (CIFS/SMB)". This may need more confirmation from the sonicwall support side
0
 
David Johnson, CD, MVPOwnerCommented:
the vpn appliance controls access to your network, once on the network smb and ntfs control permissions to access items on the network which means that if userA connects locally and has access to x,y,z shares this user will also have access to x,y,z shares through the vpn since they will be in defacto  local users.  The vpn users must use a different user account when logging in remotely to have different permissions.
0
 
btanExec ConsultantCommented:
in fact if the ssl vpn user has access to the folder share, with provided link configured in the user access policy it is back to the match against authenticated ssl vpn users in accordance to their domain permission of the configured NT file shares.

May explore the file share at the server end for permission too since there is only one server per se to handle the permission and box to handle to allow vpn restriction only. it is better since the target server retain that final permission instead of depending on the perimeter box which can be changed/switched out etc and also for consistency against the user identity

the admin guide may be handy
http://www.sonicwall.com/downloads/SonicWALL_SSL_VPN_Administrators_Guide.pdf
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now