WSAM session leakage?

tech_dude_ · ‎02-26-2009

We have an SA 2500, with 6.3r.2.0

I have a weird issue.

My understanding was that the SSLVPN tunnel would stay tied to the browser that initiated it.

In our case, we launch IE and connect to the SA 2500. Once the tunnel is up, we can browse internal sites.

That part is fine..

Then we launch Firefox (while the SSLVPN tunnel is still up in IE), and we can reach internal websites from firefox, even though it didn't initiate the SSLVPN session...

Is this a bug, a misconfiguration on our part, or designed behavior? If a misconfiguration on our part, what setting do I have to do make the SSLVPN tunnel browser-sessions specific?

Tested from a WinXP Pro w/SP3, IE7 and FF 3.x

Tica_ · ‎02-27-2009

Hello,

What is your actual wsam configuration? How do you tunnel your iexplorer towards your lan?

-

Tim

tech_dude_ · ‎02-27-2009

On the landing page, we have 3 links..

Our intranet portal (http)

Webmail (https)

Link to our Citrix Presentation server (starts as http, then https)

WSAM tunnels\allows Citrix ports (1494, 2598) to the whole 10.x.x.x network.

Weird thing is I can reach OTHER internal sites from firefox even though IE initiated the session.

Tica_ · ‎02-27-2009

Hmm

It could be several things

1) persistant sessions is enabled (user roles -> <role name> -> session options), and you allow browsing of other sites

2) You test PC has another access towards you lan (wifi, proxy settings in ff, ...)

otherwise take a tcpdump on you internal interface of your IVE. There you can see if that traffic is passing the IVE.

-Tim

DeaconZ_ · ‎03-11-2009

Add Firefox.exe to the list of applications to bypass SAM in your WSAM role settings.

WSAM session leakage?

WSAM session leakage?

Re: WSAM session leakage?

Re: WSAM session leakage?

Re: WSAM session leakage?

Re: WSAM session leakage?