XG135: Changes in permitted network resources not pushed to SSLVPN client

We have two XG135 in active-passive HA running firmware 18 MR5. The system has been running for about a month and everything is working fine, except one thing: when I go to VPN > SSLVPN remote access, make changes to the networks listed in "Permitted network resources (IPv4)" and reconnect the SSLVPN client externally, the old routes are still set while dialing in.

This is the case when I connect with a client PC running Windows 10 as well as one running Ubuntu Linux, so the type of client makes no difference. I found that the changes apply when I reboot both firewall devices. But I do not want to reboot the firewall every time I make a small change there...

I am distinguishing three different user groups by "Identity" for SSLVPN remote access, but the problem appears independent of the group an SSLVPN client user is in.

Here is a fresh example of an SSLVPN client's log:

Tue Aug 10 11:03:25 2021 MANAGEMENT: >STATE:1628586205,GET_CONFIG,,,,,,
Tue Aug 10 11:03:26 2021 SENT CONTROL [Appliance_Certificate_XXXXXXXXXXXXXXX]: 'PUSH_REQUEST' (status=1)
Tue Aug 10 11:03:26 2021 PUSH: Received control message: 'PUSH_REPLY,route-gateway 172.16.23.100,sndbuf 0,rcvbuf 0,sndbuf 0,rcvbuf 0,ping 45,ping-restart 180,route 10.13.0.0 255.255.255.0,route 10.14.0.0 255.255.255.0,route 10.13.4.0 255.255.255.0,route 10.13.6.0 255.255.255.0,topology subnet,route remote_host 255.255.255.255 net_gateway,inactive 900 7680,ifconfig 172.16.23.101 255.255.255.0'

These route values after "PUSH:...PUSH_REPLY..." are not valid anymore; I changed them about 24 hours ago in the SSLVPN remote access configuration on the firewall. Rebooting the client PC does not help either.

What can I do? Is there a way to force applying these changes without rebooting the firewall system?
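
A check for the symptom described in the post above, as an added example that is not part of the original post: it extracts the routes from the last PUSH_REPLY in an OpenVPN-style client log and compares them with the networks the administrator expects to be pushed. The log line is the one quoted in the post; the `EXPECTED` list and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# PUSH_REPLY line as quoted in the post.
SAMPLE_LOG = """\
Tue Aug 10 11:03:26 2021 PUSH: Received control message: 'PUSH_REPLY,route-gateway 172.16.23.100,sndbuf 0,rcvbuf 0,sndbuf 0,rcvbuf 0,ping 45,ping-restart 180,route 10.13.0.0 255.255.255.0,route 10.14.0.0 255.255.255.0,route 10.13.4.0 255.255.255.0,route 10.13.6.0 255.255.255.0,topology subnet,route remote_host 255.255.255.255 net_gateway,inactive 900 7680,ifconfig 172.16.23.101 255.255.255.0'
"""

# Constructed (hypothetical) list of networks currently configured as
# permitted resources on the firewall; replace with the real configuration.
EXPECTED = ["10.13.0.0/24", "10.13.4.0/24", "10.13.6.0/24", "10.13.8.0/24"]

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")


def pushed_routes(log_text):
    """Return the networks pushed in the last PUSH_REPLY of a client log."""
    replies = PUSH_RE.findall(log_text)
    if not replies:
        raise ValueError("no PUSH_REPLY found in log")
    routes = set()
    for option in replies[-1].split(","):
        fields = option.split()
        # Keep only 'route <network> <netmask>'; this skips route-gateway.
        if len(fields) < 3 or fields[0] != "route":
            continue
        try:
            routes.add(ipaddress.ip_network(f"{fields[1]}/{fields[2]}", strict=False))
        except ValueError:
            continue  # keyword target such as 'remote_host', not a network
    return routes


def diff_routes(pushed, expected):
    """Compare pushed routes with the expected permitted networks."""
    wanted = {ipaddress.ip_network(n) for n in expected}
    return {
        "stale": sorted(pushed - wanted),    # still pushed, no longer configured
        "missing": sorted(wanted - pushed),  # configured, but not pushed
    }


if __name__ == "__main__":
    result = diff_routes(pushed_routes(SAMPLE_LOG), EXPECTED)
    for kind, nets in result.items():
        print(kind, [str(n) for n in nets])
```

Running this against the client log after each change to the permitted resources shows whether the gateway is still pushing the previous route set.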
