I have a number of companies I work with that use Sonicwall kit, most of whom have their sonicwall integrated into LDAP, and most of whom are 100% Windows 10 environments and want to use RDP over their VPN.
I've struggled with a way to get this streamlined to deploy, and was looking for a sanity check and/or a bit of feedback on using the Global VPN client (or netextender), versus built-in Windows VPN client and also rolling out RDP profiles for an entire network of users.
Right now, set up is very much so a manual, hands on task. If we push out a GPO with built-in Windows VPN profiles that in theory should work with Sonicwall's settings, they never seem to work the first go-round. We'll set the Sonicwall up to use IKE with PSK and then the L2TP server - but there will always be some misconfiguration there. Sometimes it's that the shared secret isn't in the VPN profile for some reason. Sometimes, MSchapV2 isn't the default authentication method, and the VPN connection will time out. Regardless, I'll have to fiddle with it on each individual machine and each user account to get it working the first time. RDP profiles work more smoothly, but still need to at least set up the machine name, accept the self-signed security certificate the first time we connect.
Using the Global VPN client or Netextender also seems a bit hit or miss, and difficult to roll out. Some users won't have permission to install software on their machines, so our GPOs won't always kick off successfully - and then pre-storing credentials and profiles never seems to work as well as we'd like - could entirely be user error on our part though.
Anyways - just curious if anyone has any best practices or just wants to sanity check me on this. Any links or words of wisdom welcome!
No comments:
Post a Comment