VPN SSL - AD authentication users with expired password
We have a large client with up to 500 users, and now approximately 200 are working remotely from home.
They use Mobile VPN SSL and log on with their AD user/password credentials because we enabled this authentication on the Firebox.
We are having some issues with users whose passwords have expired. For security, users' passwords expire after 90 days and the user needs to change it; this is mandatory.
If the password expires, VPN SSL fails to connect because obviously AD is not accepting the password and is requiring it to be changed, but the VPN SSL client doesn't allow it because it's unable to interact with AD. It just authenticates.
I know that VPN SSL works with OpenVPN servers and this is not allowed there either... because the Access Server module "can only read" AD information but not set/allow changes... but other brands like SonicWall or Fortinet allow changing the password, and I know that MSCHAPv2 allows it.
I just want to know if WatchGuard has this on the roadmap and will launch a solution/improvement, or if it will never be implemented due to the OpenVPN server limitation.