SSL VPN and AD group identifier
another_user
Posts: 12 Freshman Member
Hello guys, this is my situation:
AD --> windows server 2012 R2 64
Zyxel --> USG1100 Firmware version V4.31(AAPK.0) (250 ssl vpn license)
I have configured correctly AAA server to query active directory
i have configured auth metod Default --> local+ group ad
i have created a Group identifier named "VPN_users" (test query give me ok, for the members)
Using this group identifier for L2TP works fine, on SSL VPN not. (validation test are all OK)
The strange thing is when i use a generic group "ad_users" (on SSL VPN) this works, but this enable all users of domain, it cannot be filtered.
When is selected VPN_users, and try to connect with secuexteder, log on firewall show this:
User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged in Device
User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged out Device
The user is recognized, ma forced to logout immediately
Is there a known bug for V4.31(AAPK.0) or i mistaken/forgotten something on configuration?
thanks for the support
AD --> windows server 2012 R2 64
Zyxel --> USG1100 Firmware version V4.31(AAPK.0) (250 ssl vpn license)
I have configured correctly AAA server to query active directory
i have configured auth metod Default --> local+ group ad
i have created a Group identifier named "VPN_users" (test query give me ok, for the members)
Using this group identifier for L2TP works fine, on SSL VPN not. (validation test are all OK)
The strange thing is when i use a generic group "ad_users" (on SSL VPN) this works, but this enable all users of domain, it cannot be filtered.
When is selected VPN_users, and try to connect with secuexteder, log on firewall show this:
User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged in Device
User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged out Device
The user is recognized, ma forced to logout immediately
Is there a known bug for V4.31(AAPK.0) or i mistaken/forgotten something on configuration?
thanks for the support
0
Accepted Solution
-
We have fixed similar issue in latest firmware.
You can upgrade to 4.38 and try it again.
5
All Replies
-
We have fixed similar issue in latest firmware.
You can upgrade to 4.38 and try it again.
5 -
Thanks for the fast answer, i will upgrade soon, during a quite period
0
Categories
- All Categories
- 347 Beta Program
- 2.1K Nebula
- 114 Nebula Ideas
- 77 Nebula Status and Incidents
- 5K Security
- 44 USG FLEX H Series
- 246 Security Ideas
- 1.2K Switch
- 65 Switch Ideas
- 901 WirelessLAN
- 33 WLAN Ideas
- 5.8K Consumer Product
- 204 Service & License
- 326 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.8K FAQ
- 831 Nebula FAQ
- 401 Security FAQ
- 219 Switch FAQ
- 190 WirelessLAN FAQ
- 45 Consumer Product FAQ
- 136 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 71 About Community
- 61 Security Highlight