VPN SSL group bookmark mapping
Hi, I'm configuring user-group bookmarks in VPN SSL Portals, but it's not working as expected. Here is my configuration:
EUREPFWMAT1 (Tecnocampus) # config vpn ssl web user-group-bookmark
EUREPFWMAT1 (user-group-bookmark) # show
config vpn ssl web user-group-bookmark
    edit "G-Bookmarks-EC_Commercial"
        config bookmarks
            edit "Commercial1Server"
                set apptype rdp
                set host "172.20.10.74"
                set server-layout failsafe
                set port 3389
            next
            edit "Commercial2Server"
                set apptype rdp
                set host "172.20.46.217"
                set server-layout failsafe
                set port 3389
            next
        end
    next
    edit "G-Bookmarks-EC_Financial"
        config bookmarks
            edit "FinancialServer1"
                set apptype rdp
                set host "172.20.46.237"
                set server-layout failsafe
                set port 3389
            next
            edit "FinancialServer2"
                set apptype rdp
                set host "172.20.46.238"
                set server-layout failsafe
                set port 3389
            next
        end
    next
end
Then I have multiple users; some of them belong to "G-Bookmarks-EC_Commercial" and others to "G-Bookmarks-EC_Financial".
In VPN SSL Settings -> Portal Mapping, both groups are mapped to the same portal, named "EC_PortalCorp".
Finally, I have a rule that allows the VPNSSL network and both groups to access networks 172.20.0.0/16:
config firewall policy
    edit 1
        set name "EC_vpnsslTC_MATTOInside"
        set uuid d16741be-1eab-51e7-1cff-37cd62056087
        set srcintf "ssl.Tecnocampus"
        set dstintf "VDL_Root-TC0"
        set srcaddr "EC_vpnSSLCorp_MAT"
        set dstaddr "EC_ALL_BCN-net"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "G-Bookmarks-EC_Financial" "G-Bookmarks-EC_Commercial"
    next
When I log in with a user that belongs to the financial group, the bookmarks inside the VPN Portal are mapped, and if I log in with a commercial user, the respective bookmarks are mapped too, so up to here all is OK!
The problem comes when I include a user (xavidpr4) in both groups. I was expecting that the bookmarks from the two groups would be mapped, but instead only one group applies. I debugged the VPN SSL login and this is the output. It seems that only one group is matched:
2017-04-13 10:51:00 [3367:Tecnocampus:2b1]deconstruct_session_id:363 decode session id ok, user=[xavidpr4],group=[G-Bookmarks-EC_Financial],portal=[EC_PortalCorp],host=[XX.YY.76.10],realm=[],idx=0,auth=16,sid=3f8ef619, login=1492073460, access=1492073460
2017-04-13 10:51:00 [3367:Tecnocampus:2ad]req: /remote/portal?access=admin
2017-04-13 10:51:00 [3367:Tecnocampus:2ad]deconstruct_session_id:363 decode session id ok, user=[xavidpr4],group=[G-Bookmarks-EC_Financial],portal=[EC_PortalCorp],host=[XX.YY.76.10],realm=[],idx=0,auth=16,sid=3f8ef619, login=1492073460, access=1492073460
2017-04-13 10:51:00 [3367:Tecnocampus:2ac]req: /remote/portal
2017-04-13 10:51:00 [3367:Tecnocampus:2ac]deconstruct_session_id:363 decode session id ok, user=[xavidpr4],group=[G-Bookmarks-EC_Financial],portal=[EC_PortalCorp],host=[XX.YY.76.10],realm=[],idx=0,auth=16,sid=3f8ef619, login=1492073460, access=1492073460
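
Added example, not part of the original post and not vendor code: a small Python parser for the deconstruct_session_id debug lines quoted above. It reports which group each portal session was decoded with and which of a user's groups never appeared. The function names are hypothetical, and the field layout is assumed only from the lines shown in the post.

```python
import re
from collections import defaultdict

# Two lines copied from the debug output in the post (address already masked there).
SAMPLE = (
    "2017-04-13 10:51:00 [3367:Tecnocampus:2ad]req: /remote/portal?access=admin\n"
    "2017-04-13 10:51:00 [3367:Tecnocampus:2ad]deconstruct_session_id:363 "
    "decode session id ok, user=[xavidpr4],group=[G-Bookmarks-EC_Financial],"
    "portal=[EC_PortalCorp],host=[XX.YY.76.10],realm=[],idx=0,auth=16,"
    "sid=3f8ef619, login=1492073460, access=1492073460\n"
)

# Group membership as described in the post: xavidpr4 was added to both groups.
MEMBERSHIP = {
    "xavidpr4": {"G-Bookmarks-EC_Financial", "G-Bookmarks-EC_Commercial"},
}

MARKER = "decode session id ok,"
# key=[value] (value may be empty) or bare key=value up to the next comma/space.
FIELD = re.compile(r"(\w+)=(?:\[([^\]]*)\]|([^,\s]*))")

def parse_session_lines(text):
    """Return one field dict per deconstruct_session_id line; skip other lines."""
    records = []
    for line in text.splitlines():
        _, found, tail = line.partition(MARKER)
        if found:
            records.append({k: b or v for k, b, v in FIELD.findall(tail)})
    return records

def groups_per_session(text):
    """Map (user, sid) -> set of group names that session was decoded with."""
    seen = defaultdict(set)
    for rec in parse_session_lines(text):
        if "user" in rec and "sid" in rec:
            seen[(rec["user"], rec["sid"])].add(rec.get("group", ""))
    return dict(seen)

def unmatched_groups(text, membership):
    """Return {user: groups the user belongs to that no session carried}."""
    matched = defaultdict(set)
    for (user, _sid), groups in groups_per_session(text).items():
        matched[user] |= groups
    return {u: set(g) - matched[u] for u, g in membership.items()
            if u in matched and set(g) - matched[u]}

if __name__ == "__main__":
    print(unmatched_groups(SAMPLE, MEMBERSHIP))
```

Run against a full capture of the debug output, this shows at a glance whether any session for a multi-group user was ever decoded with more than one group.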