cancel
Showing results for 
Search instead for 
Did you mean: 

Question re Network Connect exit

SOLVED
theresa_
New Contributor

Question re Network Connect exit

Can anyone help i am running 2 x SA6000 boxes with OS 6.2.R1 and have a number of roles setup. I have setup a new role that basically runs Network Connect ( so that we can disable Split-Tunnelling) without any end-point checks which allows access to a number of web sites and terminal service to their pc in the office.

This role works fine except that i have noticed a flaw in that a user can exit out of network connect, which will then enable Split-Tunnelling and allow them to still access the web resources and their terminal service sessions.

Can anyone recommend a solution whereby when a user clicks on exit it will either close the tunnel or restart Network Connect.

Many Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Mrkool_
Super Contributor

Re: Question re Network Connect exit

well if your users are using RDP over the full tunnel than they are usign internal IP addresses to access their computers. If you dissconnect network connect there is no way their terminal sessions will stay open the only way this will work is if they have created web bookmarks on the SSL portal. This way there are two tunnels basically. One is the full tunnel and the other is the webonly tunnel. What you need is either create two relams and let users choose if they want to do just web or full tunnel. In the web delete the initial open policy and only allow access to the resourcesd you define. than on the full tunnel just enable network connect and nothign else no rdp no web nothing. and this should solve your issue.

View solution in original post

3 REPLIES 3
firewall72_
Frequent Contributor

Re: Question re Network Connect exit

Hi Theresa,

It sounds like you don't want your users using the Terminal or Web bookmarks without Network Connect, yes? I think you may be able to set your bookmarks to the internal IP and then block re-write. This would force users to be connected via NC in order to connect. Other than that, I'm not sure if what you're looking for is possible. Let me know if I'm in the ball park.

-John

theresa_
New Contributor

Re: Question re Network Connect exit

Hi John,

Yes - i dont want users to have access to resources without Network Connect running because of the Split-Tunnelling function.

Your suggestion for using the internal IP and then block re-write sounds good but i do not think it will be manageable for the Terminal services sessions as the users log on to their own machines potentially 1000 different addresses( unless i misunderstand you).

What would be really good if there was a way that i can chop the tunnel as soon a NC Process is stopped for example, i dont think would be possible without NC running?? Any help would be greatly appreciated.

Mrkool_
Super Contributor

Re: Question re Network Connect exit

well if your users are using RDP over the full tunnel than they are usign internal IP addresses to access their computers. If you dissconnect network connect there is no way their terminal sessions will stay open the only way this will work is if they have created web bookmarks on the SSL portal. This way there are two tunnels basically. One is the full tunnel and the other is the webonly tunnel. What you need is either create two relams and let users choose if they want to do just web or full tunnel. In the web delete the initial open policy and only allow access to the resourcesd you define. than on the full tunnel just enable network connect and nothign else no rdp no web nothing. and this should solve your issue.