Disable storage of last logged in username or disable Caching Username in Connect Tunnel.
03/26/2020
Configure Connect Tunnel not to store or cache the last logged-in username.
As per the security policy of certain organizations, the username field (last logged-in username) should not be displayed after a user logs out of a Connect Tunnel session.
After logout, the Username field should be cleared or empty.
- The SMA 1000 Series appliance must be running 11.4.0-486 with Pform-hotfix-686 and Clt-hotfix-686 applied.
- The Connect Tunnel client must be downloaded from the specific appliance that has the above hotfix (22.214.171.1241 or above), or upgraded to the specific client version after the hotfix is applied.
- Select Secure Mobile Access | Management Console | User Access | Realms | select the desired Realm | specific community | Access Methods | Tunnel (IP Protocol) | Configure | set User Cached credentials to Never.
E.g., Connect Tunnel options for the desired community:
- Set the CEM Keyname to EVPN_DISABLE_USERNAME_CACHE and the Value to 1. (Recommended to be applied under SonicWALL Technical Support guidance.)
Once the above prerequisites and configuration changes are in place, all subsequent logins will have the Username field empty or cleared.
How to verify whether the CEM value is applied correctly?
SSH to the appliance and execute the below script, which displays the CEM value:
After the tunnel connects, a key value is added to the registry on the local user's machine:
Dont Cache Uname set to 1.
This solution has been tested and verified to be functional.
Corrupt Connect Tunnel installers can be uninstalled or cleared with the help of the Clientcleanup Utility.
NOTE: Information to provide to Technical Support for troubleshooting:
- Client Operating System version and updates applied to the Operating System.
- Connect Tunnel Client Version.
- Screenshot of the applied CEM value from the GUI as well as from SSH.
- This fix would work with all proper Connect Tunnel Client Laptops / Desktop installs.