Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


NetExtender on SMA 500v - group/client routes can be manually extended by users?

tabbittabbit Newbie ✭

Hi everybody,

we got a test with an SMA 500v on our site. In the network routes I opened up the routes to all necessary subnets with all machines which would be necessary for all teams.

Now we wanted to restric the access to specific servers for specific teams (e.g. support / back office / development). I tried to configure this by using the client and group routes and this works so far.

Anyway, it's possible on the client to manually add a route by using the "route add" command, thus it would be possible to override the setting and allow myself access to systems to which I shouldn't have access using VPN.

Example: My user account should not have access to a server with the IP - the route is properly configured for this in my group. Anyway, I can add access to all machines in the subnet by running this command as an admin on my Windows machine: "route add mask IF <netextender interface card>".

Is it possible to prevent this behavior?

Thanks a lot for your help on this...

Category: Secure Mobile Access Appliances

Best Answer

  • Options
    prestonpreston Enthusiast ✭✭
    edited August 2021 Answer ✓

    Hi @tabbit, you can set up policies per user domain / group etc to only allow access to certain IP addresses or ranges, so even if they overide the windows routing table the access is denied.

    just to be clear when setting up polcies you will not find IP Ranges as an option (not sure why) so you need to deny the whole subnet and allow the IP addresses which you want them to get to.


Sign In or Register to comment.