Wednesday, September 18, 2013

SSLVPN: what happens if you don't specify a user-group as sslvpn type

In this quick and short blog, I wanted to share an issue where a user (me) had a sslvpn account, but we forgot to apply the group as a SSLVPN type.

Here's what happened upon numerous attempted logins, while using the forti sslvpn client or browser;

Here's the fwpolicy that gave me my frustration, it looks good right?

and the group;

Now here's the new fwpolicy with group that works;

So when battling something that doesn't work out, or the outcome is not as expected: "take a deep breath and a few steps back and review your config & use the diag commands".

Sometimes we miss the obvious by not policing our configurations, and/or we start swinging blindly at what we think is the problem.

I never thought to check the group settings. The fix took only 2 mins, but I spent over 4+ hours checking my sslvpn client and re-issuing the username/password.

FWIW: most problems with VPNs always come down to a misconfiguration.

Ken Felix
Freelance Network / Security Engineer
kfelix  ----a---t---socpuppets ---d---o---t---com

