Curious about remote employee workflow

Follow

Steve

• May 09, 2024 23:37

We have purchased a firewalla to begin testing a use case. We are looking to start allowing content editors to edit remotely on a company provided machine. This machine needs limited internet access to only the required services. Simple enough. My question comes about network configuration/push-back from employees who might not want all their home network to be visible from a companies standpoint ( We need logs of this machine to be compliant etc)

I was looking into the Use-Case link on the Firewalla site and some different modes the Firewalla can be deployed. I'm thinking if an employee does not want to converge his home network with this company owned machine/firewalla - can we just run a connection from his at home Modem/Router assuming there are multiple ports. And just treat that connection as the WAN (seems like this is a double NAT thing, right? )

Curious if anyone has experience blow back from this.

Thanks again in advance.

0

• 

  Firewalla

  • May 10, 2024 02:38

  Case 1: Firewalla running WireGuard VPN Server

  • employee install VPN client on their PC/MAC and use that to connect
  • Once they are connected, firewalla will see everything from that PC/MAC. 
  • If the PC/MAC belongs to the employee, then you will be logging their activities, if they are on VPN

  I do believe (untested) some VPN client can limit the traffic to VPN... (meaning, only allow your company traffic to the server)

  Case 2: Firewalla running WireGuard VPN Server and Employee also has firewalla running VPN Client at their home

  • You can configure (via employee's firewalla) a connected employee PC/MAC to send normal internet to the local ISP, and anything related to your company through VPN. example https://help.firewalla.com/hc/en-us/articles/360023379953-VPN-Client
  • You can also selectively configure different services/IP/domain via PBR, and that will route their traffic to your server.
  • Here the employee can configure what to send to you ... and you log everything on the server side.
    
    
  • More examples here https://help.firewalla.com/hc/en-us/articles/4408977159187-Using-Firewalla-Policy-Based-Routing-with-VPN-and-Multi-WAN-Features

  1

  Comment actions Permalink

Please sign in to leave a comment.