Heartbeat authentication failed: username without domain name may be the cause - Live users disappear but are still connected to the VPN

Hello,

We use SSL VPN authentication to apply different rules for users, and the heartbeat to have synced security.

Sometimes the user is still connected to the VPN but not visible in the live users; in this case the rules that match known users don't work! He needs to reconnect the VPN to be visible again.

I found in the log a lot of errors in the authentication tab related to heartbeat. All heartbeats have the status FAILED.

If I compare with SSL VPN, the @domain is visible and the authentication works fine.

For the problematic user, we can see the logout in the log, but on the desktop the VPN is still connected!

Any idea why the heartbeat doesn't return the domain? Could this be the cause of my problem? Thank you



Edited and Added TAGs
[edited by: emmosophos at 12:38 AM (GMT -7) on 24 Apr 2021]
  • Hello Julian,

    Thank you for contacting the Sophos Community.

    What do you see in the /log/access_log.log for this user?

    For the SSL VPN, you're using two different types of authentication?

    As a suggestion, if you’re using Heartbeat and STAS for authentication, try to stick to only one type of authentication for the same segment of devices.

    Regards,


    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
  • Hi,

    I need to wait for the next event to check in access_log; I will check today.

    For VPN, no, we just use AD authentication, but when a user is connected using SSL, the authentication is SSL VPN but through AD. Some rules are created using users.

    To avoid having 2 authentications with STAS and SSL VPN for the same IP, I added the subnet of the SSL VPN to the excluded subnets in STAS.

    But I have a lot of errors for heartbeat in the authentication tab. For me, I don't have any problem using only the heartbeat for authentication of this user, but how can I solve the error with heartbeat authentication? Why are there a lot of errors? (Only errors, never OK for heartbeat.)

    Thank you

  • Heartbeat uses a different auth method. The endpoint will strip the sAMAccountName and the used domain and send it to the XG.

    XG will look for a matching AD Server for this particular Domain.

    If you are using .local internally but the endpoint strips .com, this causes this problem. 

    If the Logviewer shows an Auth error because of not finding an AD server, this could be the issue.

    __________________________________________________________________________________________________________________
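To show the check the reply above implies: an added Python example (not from this thread or from Sophos) that scans constructed authentication events in a simplified key=value layout (an assumption, not the exact XG log format), assumes a set of configured AD domains, and flags Heartbeat failures whose reported domain matches no AD server, next to the domain SSL VPN saw for the same account.

```python
"""Triage of auth events for the Heartbeat vs SSL VPN domain mismatch.

Added example, not from the thread. Log lines are constructed in a
simplified key=value layout (assumption: not the exact Sophos XG format).
"""
import re

# Constructed sample events: one SSL VPN success carrying @domain, then
# repeated Heartbeat failures for the same account with a different domain.
SAMPLE_LOG = """\
auth_client="SSL VPN" user="jdoe@corp.local" src_ip="10.81.1.10" status="Success"
auth_client="Heartbeat" user="jdoe" domain="corp.com" src_ip="10.81.1.10" status="Failed"
auth_client="Heartbeat" user="jdoe" domain="corp.com" src_ip="10.81.1.10" status="Failed"
auth_client="Heartbeat" user="asmith" domain="corp.local" src_ip="10.81.1.11" status="Success"
"""

# Assumption: domains of the AD servers configured on the firewall.
CONFIGURED_AD_DOMAINS = {"corp.local"}

_KV = re.compile(r'(\w+)="([^"]*)"')


def parse_events(text):
    """Turn each non-empty log line into a dict of its key=value fields."""
    return [dict(_KV.findall(line)) for line in text.splitlines() if line.strip()]


def heartbeat_domain_problems(events, configured_domains):
    """Return {account: finding} for failed Heartbeat logons whose reported
    domain matches no configured AD server. The finding also records the
    domain SSL VPN saw for the same account, so a .com/.local mismatch is
    visible in one place."""
    sslvpn_domain = {}
    for ev in events:
        if ev.get("auth_client") == "SSL VPN" and "@" in ev.get("user", ""):
            name, dom = ev["user"].split("@", 1)
            sslvpn_domain[name.lower()] = dom.lower()
    findings = {}
    for ev in events:
        if ev.get("auth_client") != "Heartbeat" or ev.get("status") != "Failed":
            continue
        name = ev.get("user", "").lower()
        reported = ev.get("domain", "").lower()
        if reported in configured_domains:
            continue  # domain is known to the firewall; failure has another cause
        findings[name] = {
            "heartbeat_domain": reported or None,
            "sslvpn_domain": sslvpn_domain.get(name),
            "reason": "no AD server configured for the domain the endpoint sent",
        }
    return findings


if __name__ == "__main__":
    for user, f in heartbeat_domain_problems(parse_events(SAMPLE_LOG), CONFIGURED_AD_DOMAINS).items():
        print(user, f)
```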
