SSL VPN locks user on failed password

Hi duggan1,

Can you check on the Log viewer under authentication? and check how many authentications it did try on one session.

A possible cause might be is, after failing from DC1 it’ll try to authenticate on DC2 and so on until it gets lockout.

Erick Jan said:

A possible cause might be is, after failing from DC1 it’ll try to authenticate on DC2 and so on until it gets lockout.

yes, sounds just like that.

duggan1 can you post your SFOS version, please.

One entry in the log viewer for authentication failure, multiple on the DCs as I mentioned. We've got 2 DCs configured on the firewall, and the bad pwd count is always the same, 3 on the first DC listed and one on the second. It's definitely trying both, but surely on a 6A (bad password) return code it should stop? Something isn't right.

SFOS is 18.5.2 MR2 build 380.

One entry in the log viewer for authentication failure, multiple on the DCs as I mentioned. We've got 2 DCs configured on the firewall, and the bad pwd count is always the same, 3 on the first DC listed and one on the second. It's definitely trying both, but surely on a 6A (bad password) return code it should stop? Something isn't right.

SFOS is 18.5.2 MR2 build 380.

Hello duggan1,

Please upgrade the firmware to the latest release i.e. v18.5.4 MR-4


> https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v18-5-mr4-is-now-available

Yeah planning to. Is this fixed in a later release? Don't see anything in release notes about it.

Upgraded to 19.0.1 MR1, problem still exists.

Hello there,

Adding to what has been mentioned, do you use OTP for SSL VPN?

Regards,

We do indeed.

Have worked around it by increasing the lockout threshold on the AD but it's still odd behaviour to my mind.