need a secure connection from a remote workstation to a specific folder of the second site. Do not want other access beyond data transfer between this folder and the one workstation.
This thread was automatically locked due to age.
need a secure connection from a remote workstation to a specific folder of the second site. Do not want other access beyond data transfer between this folder and the one workstation.
SMB is not encrypted, so you need a VPN tunnel between the two devices.
Since you want to restrict access to one source device, it needs to be a VPN tunnel rather than a VPN client connection.
Then you need a firewall rule based on source IP, destination IP, and target port. Same as any other firewall product. SMBv2 uses port 445.
Is there some additional complexity that you did not explain in your first post?
If i am receiving you well, you are directing me to what i was thinking in that the SG135 has responsibility to the allowing of traffic through it but it is not the actual source of making the connection where the VPN Tunnel (perhaps a 3rd party product) would make the end-to-end connection and so in a secure means to move company data. The connection is literally workstation to Share Folder connectivity (on the Domain Server). Traffic, from a usage view, will be random but may have to move 100GB as fast as possible. The Internet connection is Comcast 150/20 on both ends. With the required filtering, for this client, the daily bandwidth is ~50/20.
I'll likely target setting up a test to validate / demo to the client that the connection is secure and to set some speed expectations.
Charles Sterling CISSP
Should have included the workstations are mostly upgraded to W10 Enterprise and is so for the system of this discussion. The Servers are 2012 R2 on both ends.
Charles Sterling CISSP
You are missing a lot of the point.
UTM supports site-to-site tunnels using either SSL or IKEv1+IPSEC. No need for third party product.
If your devices at separate sites are part of the same domain, you need more open addresses and ports so that the remote devices can reach local DCs or remote DCs can reach local DCs.
Sounds like you need a network consultant. These are not concepts that we can teach in this forum, and these are not tasks that require arcane skill in UTM. You do need to understand some important things about how Active Directory communicates and some basic things about firewalls. The problem with firewalls is that you cannot afford to make a mistake that leaves an opening for port-scanning bad guys. You have to be right the first time out, and every time you make a change.
You are missing a lot of the point.
UTM supports site-to-site tunnels using either SSL or IKEv1+IPSEC. No need for third party product.
If your devices at separate sites are part of the same domain, you need more open addresses and ports so that the remote devices can reach local DCs or remote DCs can reach local DCs.
Sounds like you need a network consultant. These are not concepts that we can teach in this forum, and these are not tasks that require arcane skill in UTM. You do need to understand some important things about how Active Directory communicates and some basic things about firewalls. The problem with firewalls is that you cannot afford to make a mistake that leaves an opening for port-scanning bad guys. You have to be right the first time out, and every time you make a change.