Cannot filter traffic by user in MUVPN IKEv2 policy using RADIUS
I've set up a Mobile User VPN using an IKEv2 config on a Firebox M270 running 12.6.2.B631387. I've configured RADIUS authentication on the Firebox, and added the NPS policies as outlined in the WG KB on our Windows 2012 R2 server.
Everything works fine, all users can connect to resources using the default “Allow IKEv2-Users” policy.
However, if I try to create a new policy with a specific user (part of the IKEv2-Users group) in the “From” tab, the policy does not seem to have any effect. It appears as if the Firebox does not filter by specific RADIUS user.
I’ve checked that the IKEv2-Users authentication configuration and the AD “IKEv2-Users” group include this user. If I create a new policy which has the default IKEv2-Users group in the “From” tab, the policy works fine. It seems it doesn’t work only when a specific user within that group is specified.
I’ve checked the traffic logs and I can see the user ([email protected]) in the “src_user” tag correctly when the default “Allow IKEv2-Users” policy is in effect.
Any idea how I could filter by a specific user in my policies or what I might be doing wrong?