Scheduled SSL VPN access

Cristian_Penco · ‎11-25-2014

Hi,

I need to set up scheduled SSL VPN access for some users. Created separate groups, separated schedule, applied to the firewall policy...

But, if for example i restart the firewall, and the scheduled time is expired for that user:

- the user can connect to vpn, but traffic is not passing - that is OK

- I set the new sceduled end time to end for expample 5 minutes from now and the connected user get the traffic going - that is OK.

- when the time expires, the user still have full access - that is NOT OK

- disconnect and reconnect the user and he stillhas access - that is NOT OK

- even after half hour of the expired time the user can still connect and has access...

What I noticed is that the client has to be disconnected for some time after the schedule end to enforce the right time.

Is that a supposed behavior? What am I doing wrong?

This done on a Fortigate 100D with V4.0 MR3 Patch 18.

Thanks for the uesfull responses.

Cristian

Mark_Oakton · ‎11-25-2014

which policy have you put the schedule on?, vpn or inbound?

Infosec Partners

Cristian_Penco · ‎11-25-2014

Tried on all, the problem is as I nailed a bit, that the client has to be disconnected after the end time of the schedule to enforce it, like a minute or so, if less he can reconnect and gain all the access.

##Edit##

Seems that this is a Bug present in all of the current version. Still working with support for the issue.

Scheduled SSL VPN access

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website