Students bypassing filtering
-
We are seeing a problem in multiple labs where students are able to bypass filtering. Basically, the firewall shows that the teacher (who is logged into the master) is also logged in to multiple clients, even though they are not. When students login, they are seen as the teacher by the firewall and able to access sites they should not have access to. This seems to be platform independent as one lab is all Windows 10 (latest build). The other is mostly Win10, but the teacher uses Ubuntu 21.04.
Running Veyon 4.5.4
Firewall is a FortiGate 501E v6.2.4 build1112
Domain controllers are Win servers 2012r2 and connect to Fortinet Sign-On Agent. -
When Veyon Master connects to client computers, the Veyon Server/Service on the client computers check the teacher's credentials by performing a temporary internal user logon with the teacher's username and password. However it does not initiate a real user sessions so I wonder why your firewall recognizes the teacher as being logged on (obviously it only tracks login events?). All you can do here Veyon-side is to switch to key file authentication globally. Then client computers simply verify messages from Veyon Master (signed with the private key master-side) instead of the user credentials.
-
@tobydox After further investigation, the student's are able to bypass the firewall. For example, students accounts are prohibited from visiting Reddit.com. However, if the teacher computer is running Veyon, the client can go to Reddit and the firewall records it as traffic under the teachers account. This is a serious issue for us.
If the teacher computer is not turned on, filtering works correctly.