SSL-VPN user based rules - sophos-xg

Hello,

I cannot find an in depth explanation of multiple SSL-VPN connections.
I added a "default" connection for our internal users with authentication against AD and everything is working fine.

Now I want to add a few external users with very specific access rights, so I have to make the firewall rules user based. So I copied my working default rule, changed destination networks and services and checked this checkbox in both rules. I expected that now my default users would match the default rule because of the group and the new user would match the new rule because there I added the user.

The groups and users are AD users and groups.

But it is not working. The blocked packets do not have the user field filled. If I remove the checkbox, VPN is working fine again.

I know that I can add separate policies, but filtering is very crude there:

  • Hi,

    I have the same issue here.

    According to the log, the userid is lost.

    Thanks

    Henri

    Live users table (columns): User ID | Username | Client type | Host IP | IP version | MAC | Start time | Upload | Download | Data transfer rate (bits/sec) | Internet usage time (HH:MM) | Manage
    Row: 13 | @.de | SSL VPN tunnel | 10.0.101.2 | IPv4 | 2022-04-14 16:56 | 40.63 KB (remaining cells empty)

    drop-packet-capture 

    2022-04-14 17:02:21 0128021 IP 10.0.101.2. > 10.0.100.1. :proto ICMP: echo request seq 290
    0x0000: 4500 0054 5097 0000 4001 4d0f 0a00 6502 E..TP...@.M...e.
    0x0010: 0a00 6401 0800 9b96 ee07 0122 6258 377d ..d........"bX7}
    0x0020: 000b e85b 0809 0a0b 0c0d 0e0f 1011 1213 ...[............
    0x0030: 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 .............!"#
    0x0040: 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 $%&'()*+,-./0123
    Date=2022-04-14 Time=17:02:21 log_id=0128021 log_type=Firewall log_component=SSL_VPN log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=tun0 out_dev= inzone_id=5 outzone_id=1 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.0.101.2 dest_ip=10.0.100.1 l4_protocol=ICMP icmp_type=8 icmp_code=0 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=4 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=2606805376 masterid=0 status=0 state=0, flag0=549757911040 flags1=0 pbdid_dir0=0 pbrid_dir1=0

  • Hello Henri,
    I'm still living with this problem. As a workaround I defined one IP address range and can limit the access for the group. I still can't filter by protocol.
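One way to confirm from the firewall log that the denied packets really arrive without a user identity, which is what Henri's drop-packet-capture line shows (live_userid=0, userid=0 on a tun0 packet, so a user-based rule can never match it), is to parse the key=value fields and flag exactly those SSL VPN entries. This is an added example, not Sophos code or anything posted in this thread; the first log line is a trimmed copy of the one above, the second "Allowed" line is constructed for contrast, and the field names are taken from the capture.

```python
import re

# Constructed sample: the denied line from the thread (trimmed) plus a
# hypothetical allowed line where an identity was attached to the packet.
SAMPLE_LOG = """\
Date=2022-04-14 Time=17:02:21 log_id=0128021 log_type=Firewall log_component=SSL_VPN log_subtype=Denied log_status=N/A in_dev=tun0 out_dev= source_ip=10.0.101.2 dest_ip=10.0.100.1 l4_protocol=ICMP fw_rule_id=N/A live_userid=0 userid=0 user_gp=0 sslvpn_id=4 state=0,
Date=2022-04-14 Time=17:03:05 log_id=0128022 log_type=Firewall log_component=SSL_VPN log_subtype=Allowed log_status=N/A in_dev=tun0 out_dev=Port1 source_ip=10.0.101.3 dest_ip=10.0.100.1 l4_protocol=TCP fw_rule_id=12 live_userid=7 userid=7 user_gp=3 sslvpn_id=4 state=0,
"""

# Sophos writes "key=value" pairs separated by spaces; values may be empty
# (e.g. "out_dev=") and a stray trailing comma appears after "state=0".
_KV = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Parse one 'key=value key=value ...' log line into a dict."""
    return {k: v.rstrip(",") for k, v in _KV.findall(line)}


def missing_identity(entry):
    """True when an SSL VPN packet was evaluated with no user identity.

    Both live_userid and userid are 0, so any firewall rule that matches on
    user or group cannot apply; the identity mapping, not the rule, is what
    needs investigating.
    """
    return (
        entry.get("log_component") == "SSL_VPN"
        and entry.get("in_dev", "").startswith("tun")
        and entry.get("live_userid", "0") == "0"
        and entry.get("userid", "0") == "0"
    )


def find_unidentified_packets(log_text):
    """Return (source_ip, dest_ip, l4_protocol, log_subtype) for every
    SSL VPN entry in log_text that carries no user identity."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse_line(line)
        if missing_identity(e):
            hits.append((e["source_ip"], e["dest_ip"],
                         e["l4_protocol"], e["log_subtype"]))
    return hits


if __name__ == "__main__":
    for hit in find_unidentified_packets(SAMPLE_LOG):
        print("no user identity on SSL VPN packet:", hit)
```

Feeding the real firewall log through this shows whether the drops are confined to tunnel clients whose session never received a userid, which is the case to raise with support rather than tuning the rule further.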
