SSLVPN Traffic rules not working after applying Access Manager SP1 Release Candidate 1

  • 3799310
  • 04-Jul-2007
  • 26-Apr-2012

Environment


Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 SSLVPN Server
Novell Access Management 3 Access Administration

Situation

Access Manager 3 setup with SSLVPN and Linux Access Gateway on separate devices. The SSLVPN clients could tunnel requests through the server to the protected resources without problems. New traffic rules could be applied, and the SSLVPN clients would inherit these new rules upon logging in again.

After applying Access Manager 3 Support Pack 1 Release Candidate 1, however, any new rules applied in the Administration Console were not visible to users running the SSLVPN client. These clients, looking at the policies tab available after connecting, never saw the newly configured rules that should have applied to them.

Looking at /etc/opt/novell/sslvpn/config.xml, one could see that the rules were indeed sent to the SSLVPN server by the Admin Console, but the status of these newly configured rules was false. A typical example of the problem is the following, where a new rule was configured denying all users access to all UDP applications on the 147.2.35.0/22 subnet: even though the Admin Console claimed the rule was enabled, the status field clearly showed it was not.


Any
147.2.35.0
255.255.252.0
Any
Deny


Resolution

Select the newly created SSLVPN traffic rule in the Admin Console, disable it, and re-enable it. Note that no indication is given that the rule has been disabled and re-enabled, but the status field in the above config.xml should show true after the operation is carried out. Once this is the case, the SSLVPN users will be able to see the newly added policy.

This bug will also be fixed in the next build.
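
One way to confirm the state described above is to read the status field directly rather than rely on the Admin Console. The following is an added example, not Novell's code: it reports every element in a config.xml whose status is false. The element names in the embedded sample are constructed, because the article's XML markup did not survive, and status is accepted as either an attribute or a child element.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample. Element names are hypothetical (the real schema is not
# shown in the article); only "status" and the rule values come from it.
SAMPLE_CONFIG = """<config>
  <rule status="true">
    <proto>TCP</proto><net>10.0.0.0</net><mask>255.255.255.0</mask>
    <port>Any</port><action>Allow</action>
  </rule>
  <rule>
    <status>false</status>
    <proto>Any</proto><net>147.2.35.0</net><mask>255.255.252.0</mask>
    <port>Any</port><action>Deny</action>
  </rule>
</config>"""

def _local(name):
    """Drop any XML namespace prefix and lowercase the name."""
    return name.rsplit("}", 1)[-1].lower()

def status_of(elem):
    """Return elem's own status (attribute or direct child) lowercased, else None."""
    for name, value in elem.attrib.items():
        if _local(name) == "status":
            return value.strip().lower()
    for child in elem:
        if _local(child.tag) == "status" and child.text:
            return child.text.strip().lower()
    return None

def find_disabled(xml_data):
    """Return (tag, [field values]) for every element whose status is false."""
    hits = []
    for elem in ET.fromstring(xml_data).iter():
        if status_of(elem) == "false":
            fields = [c.text.strip() for c in elem
                      if _local(c.tag) != "status" and c.text and c.text.strip()]
            hits.append((_local(elem.tag), fields))
    return hits

if __name__ == "__main__":
    # Pass the path to config.xml; with no argument the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    hits = find_disabled(data)
    for tag, fields in hits:
        print(f"status=false: <{tag}> {' '.join(fields)}")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when any rule is still marked false, so it can be run after each rule change to catch a Deny rule that was pushed but never activated.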