The customer has a problem with SSL VPN client disconnects: when the client dials the VPN server (a USG6300 in our case), the connection is successful, but after only 30 seconds the USG6300 disconnects the client and sends it this message: "Sorry, You are forced to log out. Please contact the network administrator".
No alarm was reported for this case.
First of all, we checked the SSL VPN configuration, and everything appeared to be correct: the customer had configured network extension, the IP addresses available to end users, and the accessible network. Then we checked the user account, and the user was authorized for network extension, so this was also fine.
The customer used domain authentication with an LDAP server for this SSL VPN, so we also checked the user account through the LDAP detection function and saw that authentication succeeded and that the user name and password were correct.
We also noticed that the firewall works in dual failover (active and standby mode). When we stopped the failover function and worked on a single firewall only (the master one), the SSL VPN worked well without any interruption, while if we went back to failover mode the SSL VPN stopped after only 30 seconds.
The firewall works in active and standby mode, and we noticed that the user accounts on the standby firewall were not synchronized with LDAP and were not the same as on the master firewall. When a client logs in successfully and, within 30 seconds, the master firewall tries to synchronize the session with the standby firewall, the standby firewall does not recognize the user account and treats this as a kind of hacking attempt. For security reasons, the standby firewall sends a request to disconnect this client because its account is not known, so the firewall forces the client to end the session and disconnect.
The solution for this case is to synchronize the user accounts on the standby firewall with the LDAP server and make sure both firewalls (master and standby) have the same, matching accounts.
Firewalls synchronize many objects, but you should still make sure that the synchronization is good and that the objects match.