SSO event logs
I have 2 servers running the Authentication Gateway. They are both behind an M370 Firebox, where I have multiple remote Fireboxes connected to the M370 Firebox with VPN.
All remote subnets have clients with the SSO client and this is working.
I am trying to understand why I see remote user SSO authentication logs on remote Firebox devices where the logged-in user is not physically located.
Example: On my Firebox at home with subnet 192.168.6.0/24 I see AD user USERNAME authenticated:
2021-07-30 09:43:51 sessiond Firewall user USERNAME from 172.17.18.16 logged in msg_id="3E00-0002" Event
Looking at the FSM authentication list on my local firewall, I see a lot of authenticated users who are logged in from other physical places, but only some users, not all, compared to the authentication list on the M370 firewall.
How does SSO authentication work between sites connected with VPN?
The Fireboxes are running a mix of 12.7.1U1 and 12.5.7U3. All SSO is running 12.7.
Btw, I have opened a support case. However, the first reply I got was a bit odd, so in the meantime I ask here, in case anybody has a qualified answer.
Can you please install an SSO Agent in your local network and configure T35 to use this local SSO Agent. After that, check if you are still seeing users from other networks.
As I cannot be the first customer with this type of SSO setup, I would believe support should have a better answer - or do some tests internally instead of asking me.