SSL VPN and AD group identifier
Options
another_user
Posts: 16 
Freshman Member
Freshman Member
Hello guys, this is my situation:
AD --> windows server 2012 R2 64
Zyxel --> USG1100 Firmware version V4.31(AAPK.0) (250 ssl vpn license)
I have configured correctly AAA server to query active directory
i have configured auth metod Default --> local+ group ad
i have created a Group identifier named "VPN_users" (test query give me ok, for the members)
Using this group identifier for L2TP works fine, on SSL VPN not. (validation test are all OK)
The strange thing is when i use a generic group "ad_users" (on SSL VPN) this works, but this enable all users of domain, it cannot be filtered.
When is selected VPN_users, and try to connect with secuexteder, log on firewall show this:
User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged in Device
User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged out Device
The user is recognized, ma forced to logout immediately
Is there a known bug for V4.31(AAPK.0) or i mistaken/forgotten something on configuration?
thanks for the support
AD --> windows server 2012 R2 64
Zyxel --> USG1100 Firmware version V4.31(AAPK.0) (250 ssl vpn license)
I have configured correctly AAA server to query active directory
i have configured auth metod Default --> local+ group ad
i have created a Group identifier named "VPN_users" (test query give me ok, for the members)
Using this group identifier for L2TP works fine, on SSL VPN not. (validation test are all OK)
The strange thing is when i use a generic group "ad_users" (on SSL VPN) this works, but this enable all users of domain, it cannot be filtered.
When is selected VPN_users, and try to connect with secuexteder, log on firewall show this:
User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged in Device
User xyz (MAC=xx:xx:xx:xx:xx:xx) from http/https has logged out Device
The user is recognized, ma forced to logout immediately
Is there a known bug for V4.31(AAPK.0) or i mistaken/forgotten something on configuration?
thanks for the support
0
Accepted Solution
-
We have fixed similar issue in latest firmware.
You can upgrade to 4.38 and try it again.
5
Zyxel Employee
All Replies
-
We have fixed similar issue in latest firmware.
You can upgrade to 4.38 and try it again.
5 -
Thanks for the fast answer, i will upgrade soon, during a quite period
0
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 201 Nebula Ideas
- 126 Nebula Status and Incidents
- 6.3K Security
- 503 USG FLEX H Series
- 325 Security Ideas
- 1.6K Switch
- 84 Switch Ideas
- 1.3K Wireless
- 49 Wireless Ideas
- 6.8K Consumer Product
- 287 Service & License
- 458 News and Release
- 89 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 96 Security Highlight
