EX SSL-VPN: Users are able to login to Workplace even though max session limit is reached and it doesn't throw the message on only with HA pair
Users are able to login to Aventail Worokplace even though max session limit is reached if the source IP is different and this is reported only with HA setup appliance. Standalone setup appliances work as expecrted in prompting users when they exceed the configured session limit. This issue is reported if the users are using different internet connection or shared internet and set maximum session up to 2 in the Realms. If it works as expected, user will get the following message "Your session is reached the maximum, click OK or terminate the session". However this doesn't happen on Cluster environment and this properly works on Standalone.
SonicWall Support has confirmed this issue only on HA cluster setup and this will be addressed in upcoming firmware version-10.6.
How to Test:
Repro Steps ==========
Setup HA Pair
Configure AD or local authentication
Create a new Realm and set the maximum sesison to 2
Login to workplace on PC1 test1, he is able to login to WP sucessfully request goes to Node1
Login to workplace on PC2 test1, he is able to login to WP sucessfully request goes to Node2
Login to workplace on PC2 test1, he still be able to login to WP sucessfully, request goes to Node1 thats was the reason he is able to login, this user suppose to get the message "your session is reached limit "click to OK or terminate the session
As per the scenario if 5th user login to workplace he will get a message to terminate the user, since this request again goes to Node1, and this will be 3rd user for that node.
But with HA cluster pair he is able to launch workplace sucessfully, even though set the max sessions to 2 not suppose to login.
We need to check the access_servers.log and check #policinfo on both the nodes, how many users consumed the users session