Thread Info
  • Locked Locked
  • Replies 3 replies
  • Subscribers 6 subscribers
  • Views 1646 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN disconnect with MFA

deactivator

Hello Community,

i tried to enable MFA for specific Users but all freshly MFA enabled Users reported to loose connectivity several times during the day. They reported at least 7-8 disconnects over one workday, they have not had this issue before. They are all using different but stable internet Connections in their facilities. The only change is the implementation of OTP. to enable theses Users for MFA i have created a new AD Backend Group and moved them from the original one to the MFA enabled one. They logged in to the Portal once and set up the app, the first ssl vpn connection worked fine but keeps dropping as described. Key Lifetime is set to default (8 Hours) What can cause this issue? I am Using OTP for my Admin access and WFH VPN without interruption successfully since months. (6-7 Hours per day without disconnects)

Do i have to reinstall the client?

Thanks Greetings



This thread was automatically locked due to age.
Parents

  • Without MFA the client use the "old" credentials again if connection is reestablished.  (user1+pass1  reconnect user1+pass1) 

    But the "old" credentials are not the "new" credentials with MFA because the token is not the same (user1+pass1+123456  reconnect but credentials should be user1+pass1+664422)

    we configure the key lifetime to 12 hours (more than a full workday)


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • in reply to dirkkotte

    Hallo Dirk,

    Have you challenged your ISP about the reliability of your connection?  I don't recall seeing this issue here before...

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • in reply to BAlfson

    Hi Bob,
    seen this multiple times...
    1. users (homeworkers) with instable connection (5 of 150) have to enter credentials again while reconnecting ... starting with 2FA-Token activation.
    2. users connecting more than 8h (we have 15h remote controlled infrastructures) are disconnected after 8h ... and have to enter credentials ... since 2FA.
    3. ...
    ... it's by design i think

    Greetings, Dirk


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Reply
  • in reply to BAlfson

    Hi Bob,
    seen this multiple times...
    1. users (homeworkers) with instable connection (5 of 150) have to enter credentials again while reconnecting ... starting with 2FA-Token activation.
    2. users connecting more than 8h (we have 15h remote controlled infrastructures) are disconnected after 8h ... and have to enter credentials ... since 2FA.
    3. ...
    ... it's by design i think

    Greetings, Dirk


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Children
No Data
Unfiltered HTML