NetExtender on SMA 500v - group/client routes can be manually extended by users?
we got a test with an SMA 500v on our site. In the network routes I opened up the routes to all necessary subnets with all machines which would be necessary for all teams.
Now we wanted to restric the access to specific servers for specific teams (e.g. support / back office / development). I tried to configure this by using the client and group routes and this works so far.
Anyway, it's possible on the client to manually add a route by using the "route add" command, thus it would be possible to override the setting and allow myself access to systems to which I shouldn't have access using VPN.
Example: My user account should not have access to a server with the IP 10.10.10.10 - the route is properly configured for this in my group. Anyway, I can add access to all machines in the 10.10.10.0 subnet by running this command as an admin on my Windows machine: "route add 10.10.10.0 mask 255.255.255.0 0.0.0.0 IF <netextender interface card>".
Is it possible to prevent this behavior?
Thanks a lot for your help on this...