cancel
Showing results for 
Search instead for 
Did you mean: 

WSAM session leakage?

tech_dude_
Contributor

WSAM session leakage?

We have an SA 2500, with 6.3r.2.0

I have a weird issue.

My understanding was that the SSLVPN tunnel would stay tied to the browser that initiated it.

In our case, we launch IE and connect to the SA 2500. Once the tunnel is up, we can browse internal sites.

That part is fine..

Then we launch Firefox (while the SSLVPN tunnel is still up in IE), and we can reach internal websites from firefox, even though it didn't initiate the SSLVPN session...

Is this a bug, a misconfiguration on our part, or designed behavior? If a misconfiguration on our part, what setting do I have to do make the SSLVPN tunnel browser-sessions specific?

Tested from a WinXP Pro w/SP3, IE7 and FF 3.x

4 REPLIES 4
Tica_
Occasional Contributor

Re: WSAM session leakage?

Hello,

What is your actual wsam configuration? How do you tunnel your iexplorer towards your lan?

-

Tim

tech_dude_
Contributor

Re: WSAM session leakage?

On the landing page, we have 3 links..

Our intranet portal (http)

Webmail (https)

Link to our Citrix Presentation server (starts as http, then https)

WSAM tunnels\allows Citrix ports (1494, 2598) to the whole 10.x.x.x network.

Weird thing is I can reach OTHER internal sites from firefox even though IE initiated the session.

Tica_
Occasional Contributor

Re: WSAM session leakage?

Hmm

It could be several things

1) persistant sessions is enabled (user roles -> <role name> -> session options), and you allow browsing of other sites

2) You test PC has another access towards you lan (wifi, proxy settings in ff, ...)

otherwise take a tcpdump on you internal interface of your IVE. There you can see if that traffic is passing the IVE.

-Tim

DeaconZ_
Frequent Contributor

Re: WSAM session leakage?

Add Firefox.exe to the list of applications to bypass SAM in your WSAM role settings.