SSL VPN and AD group identifier
another_user
Posts: 16 
Freshman Member
Freshman Member
Hello guys, this is my situation:
AD --> windows server 2012 R2 64
Zyxel --> USG1100 Firmware version V4.31(AAPK.0) (250 ssl vpn license)
I have configured correctly AAA server to query active directory
i have configured auth metod Default --> local+ group ad
i have created a Group identifier named "VPN_users" (test query give me ok, for the members)
Using this group identifier for L2TP works fine, on SSL VPN not. (validation test are all OK)
The strange thing is when i use a generic group "ad_users" (on SSL VPN) this works, but this enable all users of domain, it cannot be filtered.
When is selected VPN_users, and try to connect with secuexteder, log on firewall show this:
User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged in Device
User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged out Device
The user is recognized, ma forced to logout immediately
Is there a known bug for V4.31(AAPK.0) or i mistaken/forgotten something on configuration?
thanks for the support
AD --> windows server 2012 R2 64
Zyxel --> USG1100 Firmware version V4.31(AAPK.0) (250 ssl vpn license)
I have configured correctly AAA server to query active directory
i have configured auth metod Default --> local+ group ad
i have created a Group identifier named "VPN_users" (test query give me ok, for the members)
Using this group identifier for L2TP works fine, on SSL VPN not. (validation test are all OK)
The strange thing is when i use a generic group "ad_users" (on SSL VPN) this works, but this enable all users of domain, it cannot be filtered.
When is selected VPN_users, and try to connect with secuexteder, log on firewall show this:
User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged in Device
User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged out Device
The user is recognized, ma forced to logout immediately
Is there a known bug for V4.31(AAPK.0) or i mistaken/forgotten something on configuration?
thanks for the support
0
Accepted Solution
-
We have fixed similar issue in latest firmware.
You can upgrade to 4.38 and try it again.
5
Zyxel Employee
All Replies
-
We have fixed similar issue in latest firmware.
You can upgrade to 4.38 and try it again.
5 -
Thanks for the fast answer, i will upgrade soon, during a quite period
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 150 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 270 USG FLEX H Series
- 274 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 389 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 74 Security Highlight
