Blocking devices from accessing network without vpn

Question

hi, 
 
 we had an incident where when of our devices had an attempt of access but with failure due to wrong password trials. I an suspecting that this device was on an unknown network outside our organization due to work from home policy we have. Is there any way we can block people from accessing the network other than our domain network unless they vpn? or any other better ideas? 
 
 Thanks

Mayur Makvana · Accepted Answer

Hello Reem Jalal Eddine , 
 As they need to connect to the VPN to access the resources of your local network. It is advisable to have endpoints installed to secure transmission. 
 We can control incoming connection for the VPN establishment by allowing specific network range in Local ACL. However, as the end user IP changes they are likely to be updated in the firewall else they will not be able to connect VPN.

Wayne Folta · Answer

These devices are owned by the company, correct? If so, you should look at things like Sophos' Intercept X endpoint software, which allow you to control user actions on the device and can scan for viruses, etc. You would need to make sure that the user does NOT have admin access: you control the admin login and the user gets a non-admin login. They may not like it, but that's too bad -- it's your device, not theirs. If the devices are their own, that's another matter., of course. 
 You manage Intercept X via Sophos Central (cloud). You can restrict things like usage of USB devices, what software can run, what websites can be accessed, etc, and can see activity reports. 
 I think you can use Intercept X to only allow connections to your domain (and anything that's needed to set up a VPN connection like Cloudflare DNS servers, etc).

Blocking devices from accessing network without vpn

Top Replies