Blocking Mobile VPN user IP addresses
Hi,
v12.11.2 started blocking IP addresses of Mobile VPN SSL users connecting remotely.
I haven't changed any settings related to these parts recently.
The log looks like this: block failed logins
(whereas the user says that he entered his password correctly the first time and did not make consecutive attempts)
When I clear the user's IP address from the blocked site list, the user can connect without any problem by confirming AuthPoint.
Blocked again after 1 day.
Answers
Hi @Ralf80
(Depending on your settings) the Firebox will only start the block if it gets an authentication reject - if you check your logs on your firewall, do you see any of those?
Authentication will appear as the "admd" process, so it may help to search for "admd" in your logs.
-James Carson
WatchGuard Customer Support
Thank you, “admd” played a role in catching the problem during testing in the logs.
I think the problem is the following: The first time the user enters the wrong password in the Mobile VPN with SSL client program, the Mobile VPN with SSL client tries the password again and again in the backend! The user is waiting to connect.
The logs show the 3rd attempt, whereas the user makes one attempt. In the meantime, the IP address is blocked.
Possible solution: How do we fix Mobile VPN with SSL client trying the password over and over again if the password is entered incorrectly?
@Ralf80 If the user is getting a popup saying that auth failed and asks if they want to try the profile they downloaded previously, click no/cancel, and start over. If you click yes/ok, it will attempt to log in again using the credentials they previously used.
-James Carson
WatchGuard Customer Support
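
To confirm the pattern described in this thread (several "admd" rejects logged for a single user action), the rejects can be grouped by user and source IP and checked for gaps too short for a person retyping a password. This is an added example, not code from the thread or from WatchGuard; the log line layout, the sample lines, `LINE_RE`, and the 3-reject / 5-second thresholds are assumptions to adapt to your own log export.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines. The layout (timestamp, process name, message) is an
# assumption for illustration; adapt LINE_RE to your real Firebox log export.
SAMPLE_LOG = """\
2024-05-14 08:01:10 admd Authentication of SSLVPN user [alice] from 203.0.113.7 was rejected
2024-05-14 08:01:11 admd Authentication of SSLVPN user [alice] from 203.0.113.7 was rejected
2024-05-14 08:01:12 admd Authentication of SSLVPN user [alice] from 203.0.113.7 was rejected
2024-05-14 09:15:00 admd Authentication of SSLVPN user [bob] from 198.51.100.9 was rejected
2024-05-14 09:15:40 admd Authentication of SSLVPN user [bob] from 198.51.100.9 was rejected
2024-05-14 09:16:30 admd Authentication of SSLVPN user [bob] from 198.51.100.9 was accepted
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) admd .*?"
    r"user \[(?P<user>[^\]]+)\] from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) was rejected")


def find_retry_bursts(log_text, min_rejects=3, max_gap=timedelta(seconds=5)):
    """Return (user, ip, count, seconds) for each run of rejects spaced too
    closely to be a person retyping a password (likely client auto-retry)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # non-admd lines and accepted logins are ignored
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events[(m["user"], m["ip"])].append(ts)

    bursts = []
    for (user, ip), stamps in events.items():
        stamps.sort()
        run = [stamps[0]]
        for ts in stamps[1:] + [None]:  # None flushes the final run
            if ts is not None and ts - run[-1] <= max_gap:
                run.append(ts)
                continue
            if len(run) >= min_rejects:
                span = int((run[-1] - run[0]).total_seconds())
                bursts.append((user, ip, len(run), span))
            run = [ts]
    return bursts


if __name__ == "__main__":
    for user, ip, count, secs in find_retry_bursts(SAMPLE_LOG):
        print(f"{user} from {ip}: {count} rejects in {secs}s (check client auto-retry)")
```

A burst reported here for a user who says they typed the password once points at the client re-submitting stored credentials rather than at repeated manual attempts.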