In my environment i have enabled SSL VPN on my XG. Authentication is through AD. I have an AD security group which synchronises with XG. I add AD members to this group and SSL VPN access is granted to the users of this AD security group.
I have some AD users who have time restrictions for logging into the network (setup in AD). When i add a memeber to the AD security group, it takes a day for the AD members to be granted access to the VPN. Eg , I add a AD user at 10 am today to the AD security group to access the VPN. The AD user is able to downloads the SSL VPN Client configuration file from the XG User portal. However when connecting through the SSL client the user gets the error Access Time Policy violation. When the user tries to login the next day same time, then the user is able to connect using the SSL Client. Is there a way on XG where when i add/remove a user in AD, it synchronises with XG instantly.
The DC's are communicating with XG using plaintext. Is that a problem
Version: 17.5 MR
Thanks for reaching out to the Community!
I would advise you to put the access_server process in debugging, replicate the issue and provide access_server logs in debugging.
Follow this KB…
Follow this KB Article to SSH into the XG firewall: Sophos XG Firewall: How to SSH to the firewall using PuTTY utility
Select Option 5 (Device Management) > Option 3 (Advance Shell)
Run this command to put the access_server service in debug:
Please check out the following KBA to locate and capture the logs: Sophos XG Firewall: Where to find log files?
Once you capture the access_server logs in debugging, run the same command to put access_server service in normal running mode.
Run this command to check service status :
Please PM me the logs and username.
Community Support Engineer | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts If a post solves your question use the 'Verify Answer' button.