Non AD user using internet.

Faris Khan Lv2 Posted 14 Nov 2022 15:11

Dear Community,
I am facing an issue with NGAF. I have configured the NGAF at HQ and at the branch site and connected them with Sangfor VPN. The primary AD server is at HQ and the secondary is at the branch, but both servers are in sync. I configured the SSO through scripting and also domain controller based. The non-AD users can see the pop-up that Sangfor SSO is configured, and non-AD users are not allowed to use the internet, but yet they are able to use the internet. As I diagnosed the issue, I saw the non-AD user is using the internet through the VPN HQ NGAF, because I only configured the SSO at the branch site first. There is no tunnel route in the VPN. Why are my ANY users using the VPN tunnel for internet? This tunnel should be used for the private network only. Any idea or suggestion?

Naomi has solved this question and earned 20 coins.

Review your policies one by one. Maybe you missed something.
Faisal P Posted 27 Nov 2022 23:22
  
A VPN hides your IP address, and therefore, your real location. When you use a VPN, your internet traffic is rerouted through an encrypted virtual tunnel.
Newbie308427 Posted 25 Nov 2022 23:43
  
I think the answer by @CTI_JianJie is the most reliable.
Faris Khan Lv2 Posted 24 Nov 2022 17:18

Dear User,
Thank you for all your responses. We further diagnosed the issue and checked the policy multiple times. There is no tunnel route in the VPN. The non-authenticated users were able to use the internet because the advanced options in the authentication SSO tab have a checkbox that allows users to access the DNS server before authentication. That was checked; when we unchecked it, the issue was resolved. Thank you all for the responses. They helped us to diagnose the issue.

Thank you
CTI_JianJie Lv2 Posted 24 Nov 2022 15:23

Hi, there is only one option in the Sangfor VPN that lets branch users access the internet via the HQ firewall: when the Sangfor VPN tunnel route has "enabled access internet via destination route user". Otherwise it will not route other traffic to the VPN tunnel.
Please check the setting above. If it is still not working as expected, we suggest sending an email to tech.support@sangfor.com so that we can assist with the problem.
Farina Ahmed Lv5 Posted 22 Nov 2022 13:57

Very nice topic and very good question, because no non-AD user has the privileges to use the VPN tunnel, as it is related to our organization's security. First of all, look at your policy; it might not be working or implemented yet. Second, segment your network, which is very necessary in this case. The guest users/non-AD users should be on a different network and not on the same network, so that traffic can be controlled.
arjay Lv3 Posted 22 Nov 2022 12:09
  
Please double check your policies.
jetjetd Lv5 Posted 21 Nov 2022 23:40
  
You need to double check your VPN policy.
sanjigerma Lv3 Posted 21 Nov 2022 14:05

Please rescan your policy; maybe there was some misconfiguration.
Imran Tahir Lv4 Posted 21 Nov 2022 12:50
  
Recheck the policy.
kmrnliaqat Lv3 Posted 21 Nov 2022 12:28

Review your policies.