SSL VPN and AD group identifier

another_user
Posts: 16
Freshman Member




Hello guys, this is my situation:
AD --> windows server 2012 R2 64
Zyxel --> USG1100 Firmware version V4.31(AAPK.0) (250 ssl vpn license)
I have configured correctly AAA server to query active directory
i have configured auth metod Default --> local+ group ad
i have created a Group identifier named "VPN_users" (test query give me ok, for the members)

Using this group identifier for L2TP works fine, on SSL VPN not. (validation test are all OK)
The strange thing is when i use a generic group "ad_users" (on SSL VPN) this works, but this enable all users of domain, it cannot be filtered.
When is selected VPN_users, and try to connect with secuexteder, log on firewall show this:
User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged in Device
User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged out Device
The user is recognized, ma forced to logout immediately
Is there a known bug for V4.31(AAPK.0) or i mistaken/forgotten something on configuration?
thanks for the support

AD --> windows server 2012 R2 64
Zyxel --> USG1100 Firmware version V4.31(AAPK.0) (250 ssl vpn license)
I have configured correctly AAA server to query active directory
i have configured auth metod Default --> local+ group ad
i have created a Group identifier named "VPN_users" (test query give me ok, for the members)

Using this group identifier for L2TP works fine, on SSL VPN not. (validation test are all OK)
The strange thing is when i use a generic group "ad_users" (on SSL VPN) this works, but this enable all users of domain, it cannot be filtered.
When is selected VPN_users, and try to connect with secuexteder, log on firewall show this:
User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged in Device
User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged out Device
The user is recognized, ma forced to logout immediately
Is there a known bug for V4.31(AAPK.0) or i mistaken/forgotten something on configuration?
thanks for the support
0
Accepted Solution
-
We have fixed similar issue in latest firmware.
You can upgrade to 4.38 and try it again.
5
All Replies
-
We have fixed similar issue in latest firmware.
You can upgrade to 4.38 and try it again.
5 -
Thanks for the fast answer, i will upgrade soon, during a quite period
0
Categories
- All Categories
- 415 Beta Program
- 2.5K Nebula
- 152 Nebula Ideas
- 102 Nebula Status and Incidents
- 5.8K Security
- 296 USG FLEX H Series
- 281 Security Ideas
- 1.5K Switch
- 77 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.5K Consumer Product
- 254 Service & License
- 396 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 87 About Community
- 76 Security Highlight