VPN user in firewall polcies

Hi ce_Sophos

Thank you for reaching out to the community, you can create two different SSL VPN Policies to meet the requirement as per the link.

Policy will look like : 

Thanks and Regards 

for everyone who says username is available, check this screenshot. Sophos does not captures ipsec VPN usernames, even if you enable "match known users" in firewall policy.

Please show us the rest: Is this a Remote Access user or a site to site connection? 

remote access, sophos connect VPN (IPSEC)

Can you show us the screenshot of this entire Logviewer? 

Because this should be there. 

And show us the live users in Webadmin. 

Live users does not show username. however IPSEC connection show susernaem with IP details.

Hi,

Are the users linked to a specific server or is the user data shared across servers?

ian

users created in Sophos XG, local users.

Hello there,

Is this only happening to users authenticating via Sophos Connect? Are they running 2.2? What version of the XG you are running?

Regards,

Just curious: What do you see in Live Users? Is it empty? 

SFOS 18.5.2 MR-2

SophosConnect_2.2.75

happening to users authenticating via Sophos Connect

Live users does not show that username, all othe rinternal captive portal users are shown. however IPSEC connection show username with IP details.

Live users does not show that username, all othe rinternal captive portal users are shown. however IPSEC connection show username with IP details.

That is odd. Do you have Captive Portal or another authentication enabled for this zone VPN? Because it should list the users. If live users does not have the user with IP mapping in there, that is essentially the issue, why a firewall rule with match user is not working.

Could you go to the logviewer - authentication and check, if there are authentication succesful and unsuccesful entries are for those VPN users? 

captive portal was disabled, to check i enabled it. The authentication log is strange, there's both failed and successful logs for a single user login.

This should give us an indication: Access Server is actually denying this user because of Time Policy. Check the user and the Access Policy you are using. 

Woow, that was an incredible observation. The issue is now resolved, I can see username in the logs. User based policy also working now.
Access time in user properites was denied all time.