SSL VPN and AD group identifier

another_user
edited April 2021 in Security
Hello guys, this is my situation:

AD --> Windows Server 2012 R2 64
Zyxel --> USG1100, firmware version V4.31(AAPK.0) (250 SSL VPN license)


I have correctly configured the AAA server to query Active Directory.
I have configured auth method Default --> local + group ad.
I have created a group identifier named "VPN_users" (the test query gives me OK for the members).



Using this group identifier for L2TP works fine; on SSL VPN it does not. (Validation tests are all OK.)

The strange thing is that when I use a generic group "ad_users" (on SSL VPN) this works, but this enables all users of the domain; it cannot be filtered.

When VPN_users is selected and I try to connect with SecuExtender, the log on the firewall shows this:

User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged in Device
User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged out Device

The user is recognized, but forced to log out immediately.


Is there a known bug for V4.31(AAPK.0), or have I mistaken/forgotten something in the configuration?



Thanks for the support.

Accepted Solution

All Replies

  • another_user
    Thanks for the fast answer, I will upgrade soon, during a quiet period :+1:

