-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Product: Ingate Firewall
Versions: 4.1.3 and earlier
Tracking ID: 1826

Summary
=======

Active PPTP tunnels in Ingate Firewall are not deactivated when a
PPTP user is disabled.

If a user has an active PPTP connection to an Ingate Firewall, and
that user is disabled on the Firewall, the active PPTP connection is
not disconnected, but lives on unharmed. Only when the user
disconnects does the block take effect; the next time he tries to
connect, he is not allowed to set up a connection.

Impact
======

If a user is being disabled by the firewall administrator while he has
an active tunnel, that tunnel can live on. He can thus have access to
the resources protected by the firewall for a long time after he was
disabled.

Workaround
==========

When you disable a PPTP user, also turn off the PPTP server and apply
the configuration. This will tear down all PPTP connections. Then
enable the PPTP server and apply the configuration again.

Solution
========

Ingate will provide a fix for this problem in a future upgrade. No
release date has been set yet.

Thanks
======

Thanks to Neil Watson at Voicegenie who reported this problem.

Further updates on this issue will be sent to our mailing list
http://lists.ingate.com/mailman/listinfo/productinfo

Further questions regarding this issue can be directed to
support@ingate.com.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD4DBQFB+MEUTl5zjNKUYI4RAvmoAJjVt7scBKr8dJGiPpb8feXsn8UfAJ91i/SP
NHd+u6v51uZCbKSgy/22pQ==
=eF2N
-----END PGP SIGNATURE-----