sslvpn authpoint in policy
Hi
T40 12.9.4
User connects to FW and authenticates with AuthPoint (via LDAP to AD) with success.
The user is member of 1 AuthPoint group which is allowed to send traffic to 172.17.4.8 on port 80, but is denied access as below.
Of course, if I allow the sslvpn IP subnet, traffic flows with success. Am I missing something here?
FWDeny, Denied, pri=4, disp=Deny, policy=Unhandled-External-Packet-00, protocol=http/tcp, src_ip=192.168.113.2, src_port=60201, dst_ip=172.17.4.8, dst_port=80, src_intf=0-SSL-VPN, dst_intf=Internal Network, rc=101, pckt_len=52, ttl=127, pr_info=offset 8 S 445363681 win 61690, src_user=XXXX@AuthPoint, 3000-0148
Regards
Robert
Comments
Hi @Robert_Vilhelmsen
I'd suggest pulling a support file and looking in \Fireware_XTM_Support.tar\support\system\auth_session_list.txt -- You should get a list of all the users logged in, and more importantly what group they're appearing in.
If you're seeing unhandled traffic that means there's no policy for it to match, likely meaning that we have no group.
Since it looks like you're using AuthPoint via WatchGuard cloud, we'll copy whatever group the user appears as inside of AuthPoint.
-James Carson
WatchGuard Customer Support
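
A log triage helper for the symptom discussed in this thread, added as an example and not code from WatchGuard or from either poster: it parses deny lines in the format quoted in the question and lists the ones that fell through to an Unhandled-* policy even though the log carries a src_user, which is the case where the session's group membership is worth checking. The first sample line is the one from the post; the second is constructed for contrast, and the function names are hypothetical.

```python
import re
from collections import Counter

# Line 1 is the log line from the post above; line 2 is constructed (no src_user).
SAMPLE_LOG = """\
FWDeny, Denied, pri=4, disp=Deny, policy=Unhandled-External-Packet-00, protocol=http/tcp, src_ip=192.168.113.2, src_port=60201, dst_ip=172.17.4.8, dst_port=80, src_intf=0-SSL-VPN, dst_intf=Internal Network, rc=101, pckt_len=52, ttl=127, pr_info=offset 8 S 445363681 win 61690, src_user=XXXX@AuthPoint, 3000-0148
FWDeny, Denied, pri=4, disp=Deny, policy=Unhandled-External-Packet-00, protocol=https/tcp, src_ip=203.0.113.9, src_port=51514, dst_ip=198.51.100.1, dst_port=443, src_intf=0-External, dst_intf=Firebox, rc=101, pckt_len=52, ttl=54, pr_info=offset 8 S 1 win 1024, 3000-0148
"""

# key=value pairs are comma-separated; values may contain spaces, '/', '-' and '@'.
FIELD = re.compile(r"(\w+)=([^,]*)")


def parse_line(line):
    """Return the key=value fields of one traffic log line as a dict."""
    return {key: value.strip() for key, value in FIELD.findall(line)}


def unhandled_for_authenticated_users(log_text):
    """Denies that matched an Unhandled-* policy although a src_user is logged.

    The user authenticated, yet no user/group policy matched the packet.
    """
    hits = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if (fields.get("disp") == "Deny"
                and fields.get("policy", "").startswith("Unhandled-")
                and fields.get("src_user")):
            hits.append(fields)
    return hits


def summarize(hits):
    """Collapse repeated denies into counts per (user, destination, port)."""
    return Counter((h["src_user"], h["dst_ip"], h["dst_port"]) for h in hits)


if __name__ == "__main__":
    for (user, dst, port), count in summarize(
            unhandled_for_authenticated_users(SAMPLE_LOG)).items():
        print(f"{user} -> {dst}:{port} denied {count}x with no matching policy")
```

Each user it reports is one to look up in auth_session_list.txt, comparing the group shown there with the group named in the policy.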