
Removed user can still dial SSL VPN

Hi All

We have a Sophos UTM and it syncs to our Windows AD server. On the AD Server there is a security group called Sophos UTM user portal. We wanted to remove several users to stop them dialling a VPN. I have removed them from this group and run a 'sync now' via the authentication services / advanced menu on the Sophos, and whilst this has blocked portal access, you can still dial an SSL VPN.


I need to block the dialling of the VPN rather than just block portal access.

I have tried setting DIAL IN on the AD user to deny, but that made no difference.

Any ideas?

Any help would be most appreciated.



  • Hi David,

    The sync adds/updates user objects on the UTM, but does not remove them if the user is deleted in AD.

    Or, did you mean that you removed the users from the AD Security Group? Show us pictures of the Edits of the Backend Group and the SSL VPN Remote Access Profile and confirm that 'Enable AD group membership background sync' is selected on the 'Advanced' tab of 'Authentication Services'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for the response, I have checked and the UTM does indeed have background AD sync enabled and the users have been removed from the Sophos AD Security Group. See below

    The removal from the Portal Security Group is clearly syncing, as I cannot log in to the portal with a previously added AD user (that was then removed), but that same user can still dial a VPN if they use a computer that has the SSL VPN client already installed.

    I need to block VPN dial in for certain users rather than block access to the UTM portal

    If a user that is removed from this list dials the Sophos VPN client they get the green connected traffic light - I need to block this

    Any ideas?

  • As I requested above: Show us pictures of the Edits of the Backend Group and the SSL VPN Remote Access Profile. Also, confirm (again?) that the user was removed from the AD Security Group used by the Backend Group in the UTM.

    Cheers - Bob

     