Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 704 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN with AD Remote User

microgluf
Hi all,

Using: 8.201 with Proxy update

When I have SSL clients connecting to the Astaro AND these users are from the AD integration, they don't show as connected in the Remote Access status list. i.e (only local Astaro users are seen)

I assume that's a bug but it leads me then to the next set of problems...

Since these users are connected but the Astaro doesn't report them, it means that the firewall rules for these users don't work...  i.e. John Doe (user network) is undefined..  that means that I have to grant rights to the whole VPN subnet full rights and loose granular control.  Unacceptable in my case for obvious security reasons.

Any ideas ??


This thread was automatically locked due to age.
  • 0
    Can anyone confirm this?  Also in 8.202?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hm - we are using remote authenticated user for SSL VPN with 8.103 - but they are RADIUS authenticated - that works seamless and I don't know if the auth mechanism makes a difference in this case.

    First of all I would have a look in the authentication log if the users are really authenticated against AD - can you post some lines out the authentication log

    Regards
    Manfred
  • 0
    Do you have auto user creation enabled for the SSL VPN?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hi Bob,

    Yes I do. Users can logon no problems. The users are automatically created as well as their certificates. So that side is fine.

    But they still won't show in the Connected Users list and of course as stated before they don't get assigned with an IP (user network)...

    Cheers,
    Pierre
Cookie Information Banner