Hello - I'm trying to understand how our XG firewall deals with multiple policies for SSL VPN. Our users belong to various groups, which assign networks that they have access to once they log in. And thats working fine.
Now, some users are part of a group which assigns an SSL VPN policy, and then on the user object itself, they'll have a different remote access VPN policy selected. Underneath that line item, is one that's called "Other applied remote access policy/policies". The policy that's assigned by group is shown there. So some users have this policy from the group, and then a different policy that's been directly assigned.
I have one user who couldn't connect to a resource at their site. Issue was that they didn't have the right policy directly assigned, and thus when they connected they didn't get the network route added for their site. So I changed this - so now they still had the policy assigned from the group, but now have the correct policy assigned directly to their user.
Problem is, when they connect the route STILL is not added in windows. So they have no route to this network, and thus can't get to any resources there.
Kicker is, I have another user - same settings in Sophos XG as the problem user. Works fine for them, they get all the routes needed added. And its on the same laptop at the same location. In his case it seems the networks are combined from both policies.
Why are the networks from both policies not being combined for my problem user? How is the XG supposed to handle things when multiple policies are being applied?
Thanks!
This thread was automatically locked due to age.
