The firewall sees the users as they are given by MLC, i.e. firstname.lastname@example.org.
Were you able to see all the users on the MLC logon report, and were you able to see the passive passports for the authenticated users for which the rule is defined to allow from the VPN zone to the internal zone?
I'm not really sure I understand your questions. On the MLC server, if I run a logon report I see all the domain users with their IP addresses, no problem here. On the firewall, under Policy/Rule Elements/Passport/Manage Passports, I see all the domain users, no problem here either. These days I have been working on the Active Directory authenticator that was made to authenticate VPN users, and with an LDAP filter I restricted the search on the AD tree by allowing the firewall to browse only users in a specific group that was made to contain VPN users. The issue I need to resolve now is with the rule that allows traffic to pass from the VPN zone to the internal zone. If I add an allowed VPN user to the rule, no user can access any device on the internal network from the VPN zone.
My idea is to have a couple of VPN rules that allow:
Rule VPN 1 allow user A to server X
Rule VPN 2 allow user B to server Y
Can this be done?
Thanks very much.
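The group-restricted LDAP search mentioned in the post above, shown as an added example that is not part of this thread or of the firewall product's own configuration. It builds the AD search filter in Python with RFC 4515 escaping and then applies the same criteria to a constructed sample directory; the group DN, the userPrincipalName form and the sample users are assumptions for illustration.

```python
from typing import Dict, List, Optional

# RFC 4515 escaping for values embedded in an LDAP search filter.
# Escaping is what keeps a user-supplied value (a login name, for instance)
# from being interpreted as filter syntax by the directory server.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# userAccountControl bit for a disabled account (ACCOUNTDISABLE).
ACCOUNTDISABLE = 0x2

# LDAP_MATCHING_RULE_BIT_AND, the AD extensible-match rule for bitwise tests.
BIT_AND_RULE = "1.2.840.113556.1.4.803"


def escape_filter_value(value: str) -> str:
    """Escape a string so it can be safely embedded as an assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def vpn_user_filter(group_dn: str, upn: Optional[str] = None) -> str:
    """Build an AD filter for enabled user accounts that are direct members
    of group_dn, optionally narrowed to a single userPrincipalName.

    group_dn is assumed to be the DN of the group created for VPN users.
    """
    clauses = [
        "(objectClass=user)",
        "(objectCategory=person)",
        f"(memberOf={escape_filter_value(group_dn)})",
        # Exclude disabled accounts: userAccountControl AND 2 must be zero.
        f"(!(userAccountControl:{BIT_AND_RULE}:=2))",
    ]
    if upn is not None:
        clauses.append(f"(userPrincipalName={escape_filter_value(upn)})")
    return "(&" + "".join(clauses) + ")"


# Constructed sample entries standing in for AD search results (not real data).
VPN_GROUP_DN = "CN=VPN Users,OU=Groups,DC=example,DC=org"
SAMPLE_DIRECTORY: List[Dict] = [
    {"userPrincipalName": "alice@example.org",
     "memberOf": [VPN_GROUP_DN], "userAccountControl": 512},
    {"userPrincipalName": "bob@example.org",
     "memberOf": ["CN=Staff,OU=Groups,DC=example,DC=org"], "userAccountControl": 512},
    {"userPrincipalName": "carol@example.org",
     "memberOf": [VPN_GROUP_DN], "userAccountControl": 514},  # 512 | ACCOUNTDISABLE
]


def entry_matches(entry: Dict, group_dn: str, upn: Optional[str] = None) -> bool:
    """Evaluate the same criteria as vpn_user_filter() against one entry."""
    if group_dn not in entry.get("memberOf", []):
        return False
    if entry.get("userAccountControl", 0) & ACCOUNTDISABLE:
        return False
    if upn is not None and entry.get("userPrincipalName") != upn:
        return False
    return True


def visible_vpn_users(directory: List[Dict], group_dn: str) -> List[str]:
    """Return the UPNs the authenticator would be allowed to see for group_dn."""
    return sorted(e["userPrincipalName"] for e in directory
                  if entry_matches(e, group_dn))


if __name__ == "__main__":
    print(vpn_user_filter(VPN_GROUP_DN))
    print(visible_vpn_users(SAMPLE_DIRECTORY, VPN_GROUP_DN))
```

Two caveats when checking a filter like this against a real directory: memberOf only sees direct membership, so users who reach the VPN group through a nested group need the transitive matching rule (1.2.840.113556.1.4.1941) instead; and an unescaped login name such as `*)(objectClass=*` would widen the search, which is why the escaping step is not optional.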
The way I would troubleshoot this is to see if the IP address that is assigned to the VPN Client shows up as a logged-in user in MLC.
When clients log in from their PCs at home, how do they log on to the domain? Do they turn the VPN client on and then somehow log on to the domain? What networks do you specify in your VPN definition?
Do the IP addresses you are trying to reach over the VPN reside off the internal interface? A 'route -n get x.x.x.x' will show you the interface and zone.