EX SSL-VPN: Difference between Anonymous, Not-Authenticated and "UNKNOWN in Aventail Advance Report

03/26/2020 4 People found this article helpful 34,381 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

EX SSL-VPN: Difference between Anonymous, Not-Authenticated and "UNKNOWN in Aventail Advance Reporting tool

Resolution

Question:

On analysing the imported extraweb_access log in the Aventail Advanced Reporting we see messages as Anonymous, Not-Authenticated and UNKNOWN.

What does this messages mean?

Resolution/Workaround:

UNKNOWN
=========
Without knowing the authentication method that is use, it isn't possible to know what "UNKNOWN" means, This occurs while the authentication code can't figure out who the user is for some reason where the users authentication method is now known.

Anonymous
=========
Anonymous are sessions that are logged in without a username and password. Extraweb creates anonymous sessions to download the preauth agents, that might be what this is. Enabling the NULL authentication module will also result in anonymous sessions showing up in your logs.

Not Authenticated
==============
"not authenticated" likely indicates sessions that are terminated for some reason before the authentication process has completed and so these session have no user attached to them and are marked as "not authenticated". This may also indicate sessions where the authentication challenge failed and the session was thus not authenticated and terminated.

Tracking ID: N/A

Related Articles

• Product Security Notice: SMA 100 Series Vulnerability Patches (Q4 2021)
• Initial Setup Guide of SMA1000 for high security environments
• How can I get root access to SMA100

Categories

• Secure Mobile Access > SMA 1000 Series