Faris Khan Lv2 Posted 14 Nov 2022 15:11

Dear Community,
I am facing an issue with NGAF. I have configured the NGAF at HQ and at the branch site and connected them with Sangfor VPN. The primary AD server is at HQ and the secondary is at the branch, but both servers are in sync. I configured SSO through scripting and also domain controller based. Non-AD users can see the pop-up that SANGFOR SSO is configured, and non-AD users are not allowed to use the internet, but yet they are able to use the internet. As I diagnosed the issue, I saw that the non-AD user is using the internet through the VPN HQ NGAF, because I only configured SSO at the branch site first. There is no tunnel route in the VPN. Why are my ANY users using the VPN tunnel for internet? This tunnel should be used for the private network only? Any idea or suggestion?

Review one by one your policy. Maybe you miss something.
RegiBoy Lv4 Posted 21 Nov 2022 10:21
Can you share screenshots of your policy so we can understand further?
babeshuka Lv2 Posted 21 Nov 2022 10:29
Please review your policy. The specific should be on top.
rivsy Lv4 Posted 21 Nov 2022 10:30
Did you configure the group (which has the AD users) in the "Policies" tab so that only it is allowed to connect (through IP address or MAC)?
Pat Lv3 Posted 21 Nov 2022 10:44
Check your configuration on VPN for HQ.
Naomi Lv3 Posted 21 Nov 2022 10:50
damulagski Lv2 Posted 21 Nov 2022 10:54
What is the current status when it is out of the office?
soneosansan Lv2 Posted 21 Nov 2022 10:58
It is more complicated.
Arleng Lv2 Posted 21 Nov 2022 11:01
Something is wrong with your policy. You may want to review it.
nobitachou Lv2 Posted 21 Nov 2022 11:01
Following this topic. I am also eyeing this solution.

