cancel
Showing results for 
Search instead for 
Did you mean: 

WSAM session leakage?

Highlighted
Contributor

WSAM session leakage?

We have an SA 2500, with 6.3r.2.0

I have a weird issue.

My understanding was that the SSLVPN tunnel would stay tied to the browser that initiated it.

In our case, we launch IE and connect to the SA 2500. Once the tunnel is up, we can browse internal sites.

That part is fine..

Then we launch Firefox (while the SSLVPN tunnel is still up in IE), and we can reach internal websites from firefox, even though it didn't initiate the SSLVPN session...

Is this a bug, a misconfiguration on our part, or designed behavior? If a misconfiguration on our part, what setting do I have to do make the SSLVPN tunnel browser-sessions specific?

Tested from a WinXP Pro w/SP3, IE7 and FF 3.x

4 REPLIES 4
Highlighted
Occasional Contributor

Re: WSAM session leakage?

Hello,

What is your actual wsam configuration? How do you tunnel your iexplorer towards your lan?

-

Tim

Highlighted
Contributor

Re: WSAM session leakage?

On the landing page, we have 3 links..

Our intranet portal (http)

Webmail (https)

Link to our Citrix Presentation server (starts as http, then https)

WSAM tunnels\allows Citrix ports (1494, 2598) to the whole 10.x.x.x network.

Weird thing is I can reach OTHER internal sites from firefox even though IE initiated the session.

Highlighted
Occasional Contributor

Re: WSAM session leakage?

Hmm

It could be several things

1) persistant sessions is enabled (user roles -> <role name> -> session options), and you allow browsing of other sites

2) You test PC has another access towards you lan (wifi, proxy settings in ff, ...)

otherwise take a tcpdump on you internal interface of your IVE. There you can see if that traffic is passing the IVE.

-Tim

Highlighted
Frequent Contributor

Re: WSAM session leakage?

Add Firefox.exe to the list of applications to bypass SAM in your WSAM role settings.