SonicWall SSL-VPN 200
on 27.07.2007 17:30:41 by goglorieux
Hi,
I've been trying to contact Sonicwall's support, but they refuse to
talk to me as my support contract is over. I feel this is a major
security / design problem in the device and I'm hoping someone can
help me in this forum.
My global policy states:
IP address range 192.168.1.0 to 192.168.1.255 Deny all services
Local group named: TPATS with no additional policy
Local user named: premium-tpats with following policy
Permit File Share (CIFS/SMB) 192.168.1.103/tpats
The problem is the following:
- User logs in
- User clicks on a bookmark to browse files
- User clicks on "up"
- User gets the following message: Error: Policy restriction. You do not have access to this share
- User then clicks on "entire network" on left hand side
- User can then access files on all of the network shares of the network
I've also tried adding again a Deny File Share (CIFS/SMB)
192.168.1.0-192.168.1.255 policy on user but user still has access to
whole network.
I've even tried to add a Deny File Share for a specific IP (rather
than a range) and user still has access. What works is a Deny all
services on all addresses, but then, users can upload files anymore...
Re: SonicWall SSL-VPN 200
on 27.07.2007 18:49:12 by phil-news-nospam
On Fri, 27 Jul 2007 15:30:41 -0000 goglorieux@hotmail.com wrote:
| I've been trying to contact Sonicwall's support, but they refuse to
| talk to me as my support contract is over. I feel this is a major
| security / design problem in the device and I'm hoping someone can
| help me in this forum.
Why not just renew your contract? If you want to pay money for a
firewall instead of building it yourself and hoping for free community
support, then you should want to pay for the support, too.
| My global policy states:
|
| IP address range 192.168.1.0 to 192.168.1.255 Deny all services
|
| Local group named: TPATS with no additional policy
|
| Local user named: premium-tpats with following policy
|
| Permit File Share (CIFS/SMB) 192.168.1.103/tpats
|
| The problem is the following:
| - User logs in
| - User clicks on a bookmark to browse files
| - User clicks on "up"
| - User gets the following message: Error: Policy restriction. You do not have access to this share
| - User then clicks on "entire network" on left hand side
| - User can then access files on all of the network shares of the network
|
| I've also tried adding again a Deny File Share (CIFS/SMB)
| 192.168.1.0-192.168.1.255 policy on user but user still has access to
| whole network.
| I've even tried to add a Deny File Share for a specific IP (rather
| than a range) and user still has access. What works is a Deny all
| services on all addresses, but then, users can upload files anymore...
Are you talking about trying to restrict a user within your network from
accessing file shares from other machines on the very same network where
such packets do not go through, or to, the firewall at all?
--
|---------------------------------------/------------------- ---------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2007-07-27-1147@ipal.net |
|------------------------------------/---------------------- ---------------|