IKEv2 routing and internal access

During Covid we had remote users coming in with IKEv2 and RDP to their workstations. Now we have the need to allow a client/server connection with SMB access to one server.
I've set up IKEv2 with a user Firebox account. Created an SMB policy with that FB user to the Windows server. Testing everything works by using the IP address of the server; the user gets a Windows Authentication prompt and sees the shares using their domain creds.

But... if I do the same thing using another internal server address, they also get access to shares (they are entitled to) using their domain creds. I didn't want that behaviour.
So what am I missing here? The Auto-Order Mode is enabled but I don't see another policy that it might be leaking into first.

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi Barry,

    You would need to delete the default Allow IKEv2 Users policy and create your own. The default policy allows all traffic to any internal host.

    -James Carson
    WatchGuard Customer Support

  • Ok. Thanks James.
