Last Modified: Nov 07, 2022
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3
Opened: Jun 01, 2017
After an APM end user establishes a session from one client IP address and then roams to a different client IP address, the DTLS tunnel can still be established, because the system does not enforce 'Restrict to Single Client IP'.
The DTLS tunnel is established, which allows the client to access internal network resources from a forbidden subnet.
The client IP used to establish the session is different from the client IP used to establish the DTLS tunnel, and the 'Restrict to Single Client IP' setting is enabled.
Disable use of the DTLS tunnel.
The 'Restrict to Single Client IP' setting is enforced correctly for the DTLS tunnel.
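To check whether the condition described above has occurred on an affected version, session and tunnel events can be correlated by session ID and client IP. The following is an added example, not F5 code: the key=value event format, the field names and the sample lines are constructed assumptions, not the APM log format, and must be mapped onto your own log export.

```python
import ipaddress

# Constructed sample events in a generic key=value form. This is NOT the
# BIG-IP APM log format; map your own log fields onto these keys.
SAMPLE_EVENTS = """\
event=session_created sid=a1 client_ip=203.0.113.5 restrict_single_ip=1
event=session_created sid=b2 client_ip=198.51.100.7 restrict_single_ip=1
event=session_created sid=c3 client_ip=192.0.2.10 restrict_single_ip=0
event=dtls_tunnel_up sid=a1 client_ip=::ffff:203.0.113.5
event=dtls_tunnel_up sid=b2 client_ip=198.51.100.99
event=dtls_tunnel_up sid=c3 client_ip=192.0.2.200
event=dtls_tunnel_up sid=zz client_ip=192.0.2.44
"""

def normalize(ip_text):
    """Parse an address; fold IPv4-mapped IPv6 into plain IPv4."""
    ip = ipaddress.ip_address(ip_text)
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip

def find_roamed_tunnels(log_text):
    """Return (sid, session_ip, tunnel_ip, reason) for suspicious tunnels."""
    sessions = {}   # sid -> (client IP at session start, restriction enabled)
    findings = []
    for line in log_text.splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        sid = fields.get("sid")
        if fields.get("event") == "session_created":
            sessions[sid] = (normalize(fields["client_ip"]),
                             fields.get("restrict_single_ip") == "1")
        elif fields.get("event") == "dtls_tunnel_up":
            tunnel_ip = normalize(fields["client_ip"])
            if sid not in sessions:
                # Tunnel with no matching session record: report separately.
                findings.append((sid, None, str(tunnel_ip), "unknown-session"))
                continue
            session_ip, restricted = sessions[sid]
            # Only a mismatch under an enabled restriction matches the bug.
            if restricted and tunnel_ip != session_ip:
                findings.append((sid, str(session_ip), str(tunnel_ip), "ip-mismatch"))
    return findings

if __name__ == "__main__":
    for finding in find_roamed_tunnels(SAMPLE_EVENTS):
        print(finding)
```

Session `a1` is not flagged because the IPv4-mapped IPv6 form is normalized before comparison, and `c3` is not flagged because the restriction is disabled for that session.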