Network Drives over SSL VPN

Good Afternoon Everyone,

Setup:

Sophos Firewall - SG115

Old Servers - MS Windows Server 2008R2 / PowerEdge R710

Active Servers - MS Windows Server 2019 - PowerEdge R440

User - Dell Latitude 5580

Situation:

We recently did a server migration (that was an ABSOLUTE 3-month mess, but hopefully unrelated) and since, a couple of users have been having issues with their VPN. Note that there are a few who had a seamless transition. These users have personal laptops that they bring in for work-related purposes. In this one user's case, he is currently able to connect to the network drives perfectly fine when he is local, but when he tries to use his SSL VPN he can only see a couple of folders deep and no files.

It shouldn't be a permissions issue because he can access them just fine locally. I've already triple-checked DNS in the Firewall, VPN settings, and local servers. His laptop has DNS set to automatic. All VPN users use X509 Certs, which are all valid until 2038.

Users were fine until during/after the server migration, now I have two or three users with this issue.

I'm in a rut and could use some help please.

Thanks,

Devon

  • My first impression/gut feeling says this isn't a UTM issue, but perhaps a Microsoft issue.

    Some things to check:

    • Offline files enabled for those users?  Might be a caching issue.
    • Access Based Enumeration enabled on your shares?  Might be an issue.
    • Is there any GPO involved you can check?
    • Did you try a login script to disconnect all of the shares and remap them to test if it may be something with the mapping? (I've had this before, found problems on a migration related to MS shares - for whatever reason).
    • Can you log in to the laptop and check your mapped drives?  The migration may also affect child dependencies.  Uncheck and re-check the "Replace all child object permissions with inheritable permissions from this object" on the share.
    • Can you modify the permissions on the shares to open them for testing purposes?  Then lock them back down?

    UTM - 9.706 | Intel i3-4150 4th Gen Processor
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

  • I did check offline files. When his access is limited like this it does say that they're offline, but I don't see an option anywhere to disable offline files.

    As mentioned above, this is a personal laptop. It's not joined to the domain, it's just able to access the mapped drives while connected to the network locally and, normally, over the VPN. No Folder Redirection or other Group Policies affect this laptop, so GPOs and Logon Scripts are out. Plus, because it's not joined to the domain, I had to manually connect the mapped drives on these devices. And yeah, I checked those over and over, making sure that they were added correctly, with no typos.

    It's not a permissions issue either, he can see the mapped drives perfectly fine when he's locally on the network, they only crap out over VPN.

    Basically, it looks like this:

    [LOCAL CONNECTION]

    1. \\SERVER\SHARE1
      1. Folder 1
        1. Folder 1a
          1. File 1
          2. File 2
        2. File 1
      2. Folder 2
        1. File 1
      3. File 1
      4. File 2
    2. \\SERVER\SHARE2
      1. Folder 1
        1. File 1
      2. Folder 2
        1. File 1
        2. File 2

    [SAME CONNECTION OVER VPN]

    1. \\SERVER\SHARE1
      1. Folder 1
        1. Folder 1a
          1. No Files
    2. \\SERVER\SHARE2 - Disconnected

  • Only other thing I can think of right off the top of my head is Network Discovery is turned off on the laptop.  It might be on when he is directly connected, but the VPN is considered another network, and that may be off for it. I'll rack my brain some more about this, but that's all I've got for now.

    Other than that, did you check the logs on UTM to make sure there were no errors in the logs for that user? (Assuming they are added as a VPN user in the UTM).

    For kicks and giggles, did you try having them map a drive via server IP rather than DNS name just to be sure?


  • Hmmm... I can check the network discovery.

    He is a VPN user in the UTM, I did check the logs, but I didn't really see anything too out of place. At least nothing that stood out to me.

    I wasn't sure that mapping with an IP was technically possible. I can certainly give it a shot though.

  • Yeah, you most certainly can.  

    \\server\share would just be \\IP_address\share


  • Sorry for the late reply.

    I connected each drive, one at a time, using the IP instead of FQDN and it worked. 

    What would cause this and how can I fix it? So both IP and FQDN work, as they should.
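
A check that follows from the result above (the shares open by IP but not by name over the VPN), as an added example that is not part of the original thread: run in PowerShell on the laptop, it reports which DNS servers each adapter is using, what the server name resolves to, and whether SMB (TCP 445) answers by name and by IP. The server name and IP address are placeholders, and the function name is made up for this example.

```powershell
# Placeholders (assumptions): replace with the file server's FQDN and the IP that worked.
$ServerName = 'server.example.local'
$ServerIP   = '192.0.2.10'

function Compare-ShareNameResolution {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$ExpectedIP
    )

    # DNS servers configured on each interface (the SSL VPN adapter is one of them when connected).
    $dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Select-Object InterfaceAlias, ServerAddresses

    # What the name resolves to right now through the normal client resolver.
    $resolved = @()
    try {
        $resolved = @(Resolve-DnsName -Name $Name -Type A -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            Select-Object -ExpandProperty IPAddress)
    } catch {
        Write-Warning "Could not resolve ${Name}: $($_.Exception.Message)"
    }

    # SMB (TCP 445) reachability, once by name and once by IP.
    $byName = Test-NetConnection -ComputerName $Name -Port 445 -WarningAction SilentlyContinue
    $byIP   = Test-NetConnection -ComputerName $ExpectedIP -Port 445 -WarningAction SilentlyContinue

    [pscustomobject]@{
        Name            = $Name
        ResolvedTo      = $resolved -join ', '
        MatchesExpected = $resolved -contains $ExpectedIP
        SmbByName       = $byName.TcpTestSucceeded
        SmbByNameRemote = $byName.RemoteAddress
        SmbByIP         = $byIP.TcpTestSucceeded
        DnsServers      = ($dnsServers | ForEach-Object {
            "$($_.InterfaceAlias): $($_.ServerAddresses -join ' ')"
        }) -join '; '
    }
}

Compare-ShareNameResolution -Name $ServerName -ExpectedIP $ServerIP | Format-List
```

Running it once on the local network and once over the VPN gives two outputs to compare side by side; a difference in `ResolvedTo` or `DnsServers` between the two runs shows where name and IP access diverge.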