USG Flex 200H: I have problems with SSL-VPN using AD Users

Venta · May 25

Hallo,

i can login to AD when using "ANY" User is allowed to use SSLVPN.

But i can not restrict to the username who is allowed to login and also i can not use a username on a policy to restrict a rule to one person or a group.

Maybe i only don't know the correct naming for a user when authenticated to AD.

I have tried with a username ZJenisova, i have tried zjenisova, i have tried zjenisova@axx.sk.local with EXT-User type.
Nothing worked.

Maybe someone have a hint for me.
On the USG200 ZJenisova with type EXT-User worked perfectly.

Thanks

Wolfgang

Venta · May 26

First Findings for Firmware 1.38:

For Security Policy the Username must be in all Uppercase in the USER Settings and the Username with type EXT-USER must be created before the VPN is connected or you must reconnect the VPN to get it working.

It does not matter if you use mixed case username on login!

Zyxel_Tina · May 26

Hi @Venta,

Thank you for your update. May I confirm whether the issue has been resolved?

If the issue still persists or you encounter further problems, to assist with investigation, please provide screenshots of your AD server settings and grant us remote access so we can directly review your USG FLEX 200H configuration. Please refer to the following articles and see which method is applicable to your setup:

If the device is on Nebula, kindly enable Zyxel Support Access and share the org/site name with us.
(Local GUI) Alternatively, you can allow us to access the device from the WAN.

Please note that any information containing sensitive data should be shared with us via private message by clicking my profile > Message.

Venta · May 26

Hallo,

i got a weekly build but the problem stays the same.
There is a Support ticket opened. I have sent you a DM.

USG Flex 200H: I have problems with SSL-VPN using AD Users

All Replies

Categories

Security Help Center