IKEv2 routing and internal access
During Covid we had remote users coming in with IKEv2 and RDP to their workstations. Now we have the need to allow a client/server connection with SMB access to one server.
I've set up IKEv2 with a user Firebox account. Created an SMB policy with that FB user to the Windows server. Testing everything works by using IP address of the server, the user get a Windows Authentication prompt and sees the shares using their domain creds.
But.. if I do the same thing using another internal server address, they also get access to shares (they are entitled to) using their domain creds. I didn't want that behaviour.
So what am I missing here? The Auto-Order Mode is enabled but I don't see another policy that it might be leaking into first.