Access to shares with SSL VPN?

generaltab · ‎07-07-2006

Well, this may seem silly, but it' s not obvious to me what I should be able to access now that I have SSL VPN working. I can log in to the web portal as a tunnel user, but how can I access network shares, for instance? Thanks!

wcbenyip · ‎07-09-2006

Once you logged in the Tunnel Mode, just minimize the browser window, and working just like in the office eg) use ' net view' or ' explorer' to view the shared resource on PC/Server (you need to login to that host first because you are not joining the same domain~) If you have set your internal DNS server for the SSLVPN, you can use hostname instead of internal ip address~

Protect yourself~ http://www.secunia.com MBCS CEH FCNSA

generaltab · ‎07-10-2006

Thanks! What' s the best/easiest way to instruct remote users to login after establishing the VPN? Is there a way to automate this to reduce the number of steps needed to access network shares?

generaltab · ‎07-10-2006

I got ahead of myself a little. When I try ' net use' after establishing the VPN, or try to map a drive from Explorer, I' m prompted to login, but it fails every time. Also, once I establish the VPN, I' m unable to resolve names, even though I specified my name servers in the advanced SSL-VPN settings. Do I have to allow DNS through the firewall to use it from the remote VPN? What are the common causes of domain login failures? Thanks again!

Report Inappropriate Content · ‎07-18-2006

Not that this helps, but I' m having the same issue. The SSL-VPN DNS server list is configured with the internal network' s DNS servers. Yet no SSL-VPN client can resolve internal DNS names. Update: If your NOT using a split tunnel DNS works if you use the FQDN (example: server.mycomany.local versus server) If your using split tunnel and a static route DNS isn' t going to work. It would be nice if the " DNS suffix for this conection" of the fortiSSL adapter could be specified on the FG. That would alleviate the FQDN requirement for DNS.

generaltab · ‎07-18-2006

This really helped, thanks. I was able to map network shares using the FQDN after establishing the VPN (i.e. net use z: \\server.mycompany.local\sharename). Now all that remains is to figure out how to make this a little easier for my remote users. Can a login script be initiated by the SSL-VPN web portal? I was prompted to login to access the mapped drive. Can credentials be stored somewhere? Any suggestions as to how all of this might be made as simple as possible for client connections? Thanks again!

generaltab · ‎07-18-2006

It occurred to me that I could use Map Network Drive from Windows Explorer and choose " Reconnect at logon" and " Connect using a different user name" to provide pre-mapped drives. Unfortunately, the FQDN isn' t found when using Map Network Drive, as it was with ' net use' . There' s got to be a better way..

wcbenyip · ‎07-20-2006

I think it would also need to refer to your company policy, about whether the staff can copy the company data/resource to their home pc; and there should be a measurement in forcing the home PCs with AV sw and security patch installed... bababa.... Anyway, I would recommend allowing the users to access their office own PC thru RDP or VNC only, so that they are no need to copy from and copy back to the company server, the most important point is, you can teach them how to use the RDP (pre-loaded in XP) with the standardized computer name format like ' General_Tab' on the RDP dialog~

Once they are connected to their office PC, they are bound by the company policy / FW policy to handle the company data~

Protect yourself~ http://www.secunia.com MBCS CEH FCNSA

Access to shares with SSL VPN?

Nominate a Forum Post for Knowledge Article Creation