Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN (TCP) Static IP Address issues

Hello,

I am experiencing the issues listed in NC-120119 when I am using TCP mode for my SSL VPNs.

I have a select number of users who I required to get a static IP address, however when they are connected, if they change network type and it tries to reconnect, I get the auth error described in NC-120119.

All the symptoms I have are consistent with NC-120119, except I am not using UDP, I am definitely on TCP.

Is this a further known issue?

Thanks.

SFOS 20.0.0 GA-Build222



This thread was automatically locked due to age.
Parents
  • Hi  , NC-120119 issue is seen only if the sslvpn ra tunnel mode is of UDP and not applicable to sslvpn tunnel mode of TCP. 

    There was another NC-124684, where static address is not released sporiadically (when login fails for a sslvpn user) which is fixed in 20.0 MR1.

    If you observe the issue on 20.0 MR1 Can you DM  me the access-id of the XG/XGS to check the logs further.

  • Hi Vamshi, 

    In this case the device connects successfully on one connection type (WiFi) but when switching to cellular the session would remain connected in the firewall, but would result in an "Auth failed" error.

    The device was then disconnected from the VPN and a force disconnection was done from the current activities list (as the device was still present, despite being disconnected). Only then when a new session was established that the connection was successful. These symptoms are very similar to NC-120119 even though we are using TCP-only in our setup.

    Will observe to see if 20.0 MR1 will be an improvement. It still hasn't shown up as an update in our firewall for the moment

    Edit: Support case number is 07386682  

    Edit 2: Mixed up my issue description, fixed that now

  • Hi Edward,

    Thank you for sharing the case ID. We've left a note and will monitor the case further. 

    Also, as requested by Vamshi D, kindly share your access ID with him.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Reply Children
No Data