IKEv2 routing and internal access

During Covid we had remote users coming in with IKEv2 and RDP to their workstations. Now we have the need to allow a client/server connection with SMB access to one server.
I've set up IKEv2 with a user Firebox account. Created an SMB policy with that FB user to the Windows server. Testing everything works by using the IP address of the server: the user gets a Windows Authentication prompt and sees the shares using their domain creds.

But... if I do the same thing using another internal server address, they also get access to shares (they are entitled to) using their domain creds. I didn't want that behaviour.
So what am I missing here? The Auto-Order Mode is enabled but I don't see another policy that it might be leaking into first.

Comments

  • Hi Barry,

    You would need to delete the default Allow IKEv2 Users policy and create your own. The default policy allows all traffic to any internal host.

  • Ok. Thanks James.
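
To make James's point concrete, here is an added example (not from this thread and not WatchGuard code) that models ordered, first-match policy evaluation in Python. The policy names follow the thread; the user "barry", the group "IKEv2-Users", the server addresses and the simple most-constraints-first ordering used to stand in for Auto-Order Mode are all constructed assumptions, not Fireware's actual configuration format or algorithm. It shows why the narrow SMB policy alone does not stop access to other hosts: SMB traffic to a second server fails to match the SMB policy and falls through to the default Allow IKEv2-Users policy, and only removing that broad policy makes the traffic land on the implicit deny.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Policy:
    """One firewall policy in a constructed model. Empty constraints mean 'any'."""
    name: str
    from_principals: frozenset   # user or group names; empty = any source
    to_networks: tuple           # ip_network objects; empty = any internal host
    ports: frozenset             # TCP destination ports; empty = any port
    action: str                  # "allow" or "deny"

    def matches(self, principals, dst_ip, dst_port):
        # principals = the connecting user's name plus every group they belong to
        if self.from_principals and not (self.from_principals & principals):
            return False
        if self.to_networks and not any(dst_ip in net for net in self.to_networks):
            return False
        if self.ports and dst_port not in self.ports:
            return False
        return True

    def constraint_count(self):
        return sum(1 for c in (self.from_principals, self.to_networks, self.ports) if c)


def auto_order(policies):
    """Most-constrained policies first: a simplification of Auto-Order Mode (assumption)."""
    return sorted(policies, key=lambda p: -p.constraint_count())


def evaluate(policies, principals, dst, dst_port):
    """First-match evaluation; a packet matching no policy hits the implicit deny."""
    dst_ip = ip_address(dst)
    for policy in policies:
        if policy.matches(principals, dst_ip, dst_port):
            return policy.action, policy.name
    return "deny", "implicit deny"


def find_broad_allows(policies):
    """Audit helper: allow policies with neither a destination nor a port restriction."""
    return [p.name for p in policies
            if p.action == "allow" and not p.to_networks and not p.ports]


# Constructed sample configuration; names and addresses are placeholders.
FILE_SERVER = ip_network("10.0.1.10/32")
SMB_POLICY = Policy("SMB-IKEv2-to-FileServer", frozenset({"barry"}),
                    (FILE_SERVER,), frozenset({445}), "allow")
DEFAULT_IKEV2 = Policy("Allow IKEv2-Users", frozenset({"IKEv2-Users"}),
                       (), frozenset(), "allow")
BARRY = frozenset({"barry", "IKEv2-Users"})   # VPN user plus the group all IKEv2 users get


def before_fix():
    """Policy set as described in the question: custom SMB policy plus the default."""
    return auto_order([DEFAULT_IKEV2, SMB_POLICY])


def after_fix():
    """Policy set after deleting the default Allow IKEv2 Users policy."""
    return auto_order([SMB_POLICY])


if __name__ == "__main__":
    for label, policies in (("before", before_fix()), ("after", after_fix())):
        print(label, "- broad allow policies:", find_broad_allows(policies))
        for host in ("10.0.1.10", "10.0.1.20"):
            print("  SMB to", host, "->", evaluate(policies, BARRY, host, 445))
```

Running it prints that SMB to 10.0.1.20 is allowed by "Allow IKEv2-Users" in the before case and denied by the implicit deny afterwards; the `find_broad_allows` check is the kind of quick audit worth running on any policy list that contains a VPN user group, since a group-to-Any allow is easy to overlook when the named SMB policy appears to work.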
