Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

How to create Portal that allows NetExtender to only one IP?

Craig_SCraig_S Newbie ✭
in Secure Mobile Access Appliances

Running a SMA 410 that currently allows access to our network for our employees with the NetExtender and Virtual Office. We host an application that requires the client to make numerous TCP connections to the server and we need to support other countries to connect to it. I'd like to create a second domain/portal that will only allow NetExtender access to one IP address in our network (instead of the entire network) for those other countries.

Short of purchasing a second device, is it possible (and if so, how)? I can't seem to wrap my head creating it.

Thanks in advance for any suggestions on how to do this.

Category: Secure Mobile Access Appliances
Reply

Best Answer

  • CORRECT ANSWER
    BWCBWC Cybersecurity Overlord ✭✭✭
    Answer ✓

    Hi @Craig_S this can be accomplished with the correct Policies. I always have a Deny ALL Policy with Priority 9999 and give the Users or Groups the needed Access by specific Allow Rules.

    IMHO you don't need a 2nd portal, assign the Deny ALL Rule to the Domain (Group), put your internal Users in one Group 'Internal' and allow the access to the Network with a Policy (Priority 1). Add a 2nd Group "External" to the Domain and allow just the single IP with a Policy (Priority 1).

    This should do the trick.

    --Michael@BWC

Answers

  • Craig_SCraig_S Newbie ✭

    Thanks @BWC, I'll examine the policy route, but because of ECP profiles (particularly making sure the computer is a member of the domain and AV requirements), I think I'm dead in the water pursuing this without turning off ECP.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Craig_S do you mean that your "External" User should connect without ECP?

    --Michael@BWC

  • Craig_SCraig_S Newbie ✭

    Yes, that is correct. The External users would not be subjected to an ECP inspection. Can this be controlled via policy?

  • BWCBWC Cybersecurity Overlord ✭✭✭

    EPC is enforced on Global, Group or User-Level, shouldn't it be fine if you disable EPC on your "External" User or Group? The Policies are just there for restricting access to Resources/Services.

    --Michael@BWC

  • Craig_SCraig_S Newbie ✭

    Found it! Thank you, I was looking for EPC usage under the domain/portal and when I couldn't find it, I assumed it was an all or nothing setting. I truly appreciate your help.

Sign In or Register to comment.