
access folder from remote system

Need a secure connection from a remote workstation to a specific folder at the second site. Do not want other access beyond data transfer between this folder and the one workstation.



  • Would build an SSL-VPN connection without "auto firewall rules".

    Build the firewall rules necessary to allow file transfer and authentication.

    More hints need more information about server type, transfer method, domain/single, ...


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003

  • Servers on both sides are 2012 R2, Sophos SG135 on both sides, single domain, same client; some of the staff travel between the sites and need access from the remote site to a single folder.

    No other staff needs access other than from the one remote workstation. Data files only, no movies or large structures.

    Charles Sterling CISSP

  • SMB is not encrypted, so you need a VPN tunnel between the two devices.

    Since you want to restrict access to one source device, it needs to be a VPN tunnel rather than a VPN client connection.

    Then you need a firewall rule based on source IP, destination IP, and target port. Same as any other firewall product. SMBv2 uses port 445.

    Is there some additional complexity that you did not explain in your first post?

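    To make the rule described above concrete, here is a small first-match rule evaluator added to this thread (it is not Sophos UTM code and not from any poster): one allow rule for the single workstation to the file server on TCP/445, then a default deny, checked against a few constructed flows. The addresses 10.1.0.50 (workstation), 10.2.0.10 (file server) and the other hosts are assumptions made up for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # source host/network in CIDR notation
    dst: str       # destination host/network in CIDR notation
    proto: str     # "tcp", "udp" or "any"
    dport: int     # destination port (ignored when proto is "any")
    action: str    # "allow" or "deny"


# Constructed sample addresses: 10.1.0.0/24 is the remote site, 10.2.0.0/24 the server site.
WORKSTATION = "10.1.0.50/32"   # the one permitted workstation
FILESERVER = "10.2.0.10/32"    # the domain server holding the share

# The rule base: exactly one source, one destination, one service, then drop everything
# else that crosses the tunnel (no "auto firewall rules" opening more than intended).
RULES = [
    Rule("smb-from-workstation", WORKSTATION, FILESERVER, "tcp", 445, "allow"),
    Rule("default-deny", "0.0.0.0/0", "0.0.0.0/0", "any", 0, "deny"),
]


def evaluate(rules, src_ip, dst_ip, proto, dport):
    """Return (action, rule_name) for the first rule matching the flow, first-match order."""
    for r in rules:
        if ip_address(src_ip) not in ip_network(r.src):
            continue
        if ip_address(dst_ip) not in ip_network(r.dst):
            continue
        if r.proto != "any" and (r.proto != proto or r.dport != dport):
            continue
        return r.action, r.name
    return "deny", "implicit-deny"   # nothing matched: deny is the safe default


# Constructed flows: the one the rule base must permit and three it must not.
SAMPLE_FLOWS = [
    ("10.1.0.50", "10.2.0.10", "tcp", 445),  # permitted workstation -> share over SMB
    ("10.1.0.51", "10.2.0.10", "tcp", 445),  # a second workstation at the remote site
    ("10.1.0.50", "10.2.0.10", "tcp", 139),  # right hosts, but legacy NetBIOS port
    ("10.1.0.50", "10.2.0.11", "tcp", 445),  # permitted workstation, wrong server
]


def audit(rules=RULES, flows=SAMPLE_FLOWS):
    """Evaluate every sample flow; only the first one should come back as allow."""
    return [evaluate(rules, *flow) for flow in flows]


if __name__ == "__main__":
    for flow, (action, name) in zip(SAMPLE_FLOWS, audit()):
        print(f"{flow}: {action} ({name})")
```

    Running it shows exactly one allow and three denies, which is the check worth repeating after every rule change.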

  • If I am receiving you well, you are directing me to what I was thinking: that the SG135 has responsibility for allowing traffic through it, but it is not the actual source of making the connection, where the VPN tunnel (perhaps a 3rd-party product) would make the end-to-end connection and so provide a secure means to move company data. The connection is literally workstation-to-share-folder connectivity (on the domain server). Traffic, from a usage view, will be random but may have to move 100GB as fast as possible. The Internet connection is Comcast 150/20 on both ends. With the required filtering, for this client, the daily bandwidth is ~50/20.

    I'll likely target setting up a test to validate / demo to the client that the connection is secure and to set some speed expectations.

    Charles Sterling CISSP

  • Should have included that the workstations are mostly upgraded to W10 Enterprise, and that is so for the system of this discussion. The servers are 2012 R2 on both ends.

    Charles Sterling CISSP

  • You are missing a lot of the point.

    UTM supports site-to-site tunnels using either SSL or IKEv1+IPsec. No need for a third-party product.

    If your devices at separate sites are part of the same domain, you need more open addresses and ports so that the remote devices can reach local DCs or remote DCs can reach local DCs.

    Sounds like you need a network consultant. These are not concepts that we can teach in this forum, and these are not tasks that require arcane skill in UTM. You do need to understand some important things about how Active Directory communicates and some basic things about firewalls. The problem with firewalls is that you cannot afford to make a mistake that leaves an opening for port-scanning bad guys. You have to be right the first time out, and every time you make a change.