I have found out that UTM does not fully support SSO in some situations for VPN connections for Windows 10.
The nearest I have come so far is using L2TP over IPsec, where the user on the Windows login screen can select to connect the VPN and log on simultaneously. STAS on the DC catches the logon event and reports it to the UTM, and you can then use user-based firewall rules.
One advantage of using L2TP is that the method supports L2TP on the Windows logon screen, which means that the Windows logon procedure is a domain logon connected to the DC from the start.
The downside of using L2TP over IPsec is that it is not configurable which networks should use the tunnel; only routes for UTM local networks are forwarded to the client. I have found this thread where Sophos says that "PPTP and L2TP are not designed to be used in split tunnel setups." But later comments say that it is done elsewhere. So is it possible? If that worked, I would like to configure ANY networks.
Since L2TP is not working for me I started to look for other solutions, like SSL VPN, where you can configure local networks. Here it works using ANY networks.
The downside of using SSL VPN is that it does not support SSO. You have to use the authentication agent and configure your username and password a second time in order to use user-based firewall rules.
Is there a solution to achieve true SSO for VPN connections for Windows?