sslvpn authpoint in policy

Hi

T40 12.9.4

User connects to the FW and authenticates with AuthPoint (via LDAP to AD) with success.
The user is a member of 1 AuthPoint group which is allowed to send traffic to 172.17.4.8 on port 80, but is denied access as below.

Of course, if I allow the SSL VPN IP subnet, traffic flows with success. Am I missing something here?

FWDeny, Denied, pri=4, disp=Deny, policy=Unhandled-External-Packet-00, protocol=http/tcp, src_ip=192.168.113.2, src_port=60201, dst_ip=172.17.4.8, dst_port=80, src_intf=0-SSL-VPN, dst_intf=Internal Network, rc=101, pckt_len=52, ttl=127, pr_info=offset 8 S 445363681 win 61690, src_user=XXXX@AuthPoint, 3000-0148

Regards
Robert
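The log line quoted in the question is the key evidence: the user is already authenticated (src_user carries an @AuthPoint suffix) yet the packet matches the Unhandled-External-Packet policy, which only happens when no configured policy matched the user's group. The following parser and classifier are an added example, not code from WatchGuard or from this thread; it splits a Fireware traffic log line into fields (handling values with embedded spaces such as dst_intf=Internal Network and the pr_info block) and separates "denied by an explicit policy" from "unhandled traffic from an authenticated user", which is the case to investigate against auth_session_list.txt. The sample lines are constructed from the post; the second one is a hypothetical explicit-policy deny used for contrast.

```python
import re
from typing import Dict, List

# Constructed sample 1: the denied-traffic line quoted in the question.
SAMPLE_UNHANDLED = (
    "FWDeny, Denied, pri=4, disp=Deny, policy=Unhandled-External-Packet-00, "
    "protocol=http/tcp, src_ip=192.168.113.2, src_port=60201, dst_ip=172.17.4.8, "
    "dst_port=80, src_intf=0-SSL-VPN, dst_intf=Internal Network, rc=101, "
    "pckt_len=52, ttl=127, pr_info=offset 8 S 445363681 win 61690, "
    "src_user=XXXX@AuthPoint, 3000-0148"
)

# Constructed sample 2 (hypothetical): a deny produced by an explicit policy,
# so that the classifier has something to contrast with.
SAMPLE_EXPLICIT = (
    "FWDeny, Denied, pri=4, disp=Deny, policy=Block-Legacy-HTTP-00, "
    "protocol=http/tcp, src_ip=192.168.113.5, src_port=51000, dst_ip=172.17.4.8, "
    "dst_port=80, src_intf=0-SSL-VPN, dst_intf=Internal Network, rc=101, "
    "pckt_len=52, ttl=127, src_user=YYYY@AuthPoint, 3000-0148"
)


def parse_fireware_traffic_log(line: str) -> Dict[str, str]:
    """Split a Fireware traffic log line into a dict.

    Fields are comma separated. key=value pairs keep any embedded spaces
    (e.g. 'dst_intf=Internal Network', 'pr_info=offset 8 S ... win ...').
    Bare leading tokens are stored as 'event' and 'action'; a trailing bare
    token of the form NNNN-NNNN is stored as 'msg_id'.
    """
    fields: Dict[str, str] = {}
    bare: List[str] = []
    for raw in line.split(","):
        token = raw.strip()
        if not token:
            continue
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key.strip()] = value.strip()
        else:
            bare.append(token)
    if bare:
        fields["event"] = bare[0]
    if len(bare) > 1:
        fields["action"] = bare[1]
    if bare and re.fullmatch(r"\d{4}-\d{4}", bare[-1]):
        fields["msg_id"] = bare[-1]
    return fields


def classify_deny(fields: Dict[str, str]) -> str:
    """Label a parsed deny so the right follow-up is obvious.

    unhandled_authenticated   -> user is logged in but no policy matched:
                                 check the group the session reports.
    unhandled_unauthenticated -> no user at all: expect an auth prompt or
                                 an unauthenticated-source policy.
    denied_by_policy          -> an explicit policy blocked it: that policy
                                 is the thing to review.
    not_a_deny                -> line is not a deny event.
    """
    if fields.get("disp", "").lower() != "deny":
        return "not_a_deny"
    policy = fields.get("policy", "")
    if policy.startswith("Unhandled-"):
        return "unhandled_authenticated" if fields.get("src_user") else "unhandled_unauthenticated"
    return "denied_by_policy"


def triage(lines: List[str]) -> Dict[str, str]:
    """Map each line's src_user (or src_ip) to its deny classification."""
    result: Dict[str, str] = {}
    for line in lines:
        f = parse_fireware_traffic_log(line)
        who = f.get("src_user") or f.get("src_ip", "?")
        result[who] = classify_deny(f)
    return result


if __name__ == "__main__":
    for who, verdict in triage([SAMPLE_UNHANDLED, SAMPLE_EXPLICIT]).items():
        print(f"{who}: {verdict}")
```

Running this over the question's line yields unhandled_authenticated for XXXX@AuthPoint, which is exactly the situation where the group listed for that session in auth_session_list.txt needs to be compared with the group named in the policy's From field.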

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @Robert_Vilhelmsen

    I'd suggest pulling a support file and looking in \Fireware_XTM_Support.tar\support\system\auth_session_list.txt -- You should get a list of all the users logged in, and more importantly what group they're appearing in.

    If you're seeing unhandled traffic that means there's no policy for it to match, likely meaning that we have no group.

    Since it looks like you're using AuthPoint via WatchGuard cloud, we'll copy whatever group the user appears as inside of AuthPoint.

    -James Carson
    WatchGuard Customer Support
