NSA 3600 SSLVPN Mass User Logout
Hello,
I'm investigating an issue where we had 22 users connected to our SSLVPN through the Netextender app logged out at the same time. This is the second time this has happened since updating our firmware to 6.5.4.6-79n from 6.2.7.1-23n less than 60 days ago. These devices never did this prior to the firmware update, is this a known issue with this firmware?
We don't have inactivity logout set for the SSLVPN and we have plenty of available licenses available, usually only around 70 users with 150 licenses.
I've reviewed the Logs and there are no details that help. In this case it was 22 "inform" entries at the exact same time with no notes where it would normally say what policy it the log entry belongs to. Clicking on the entries vices me the User Name, session time (all are different) and IP address, Priority is "Inform" and Message is "User Logged Out - $username".
I've also monitored the CPU load of the Devices (Running 2 NSA's one as HA) and there is nothing out of the ordinary.
Is there anything we can try before we roll-back the firmware?
Thanks,
Answers
Hello @cwilliams,
Welcome to SonicWall community.
If the inactivity timeout and license count are fine, could you please check if there is MFA like TOTP or OTP via email set for the users using SSLVPN?
If yes, does it work fine when that feature is disabled?
But, I think other than that you have verified the other configuration that might cause this.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
We don't use any MFA at all on these devices.
@cwilliams,
That was the only reported issue that I could find. If you are okay to troubleshoot a little bit more, feel free to contact SonicWall Support so that we can get to the root cause of this issue.
If you are confident about the firmware, then rollback would be a quick fix. Just a heads up that if you have saved a local backup on the firewall, this would be really easy. Please free to refer to this article for more details and other methods.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
May be It depends on the version you are using.
Identical issue:
Fixed with HFGEN6-2333