
Authentication problem on MFE using MLC


Hi,

I am having an issue with rules on a Firewall I've been testing.

I use (Passive) MLC and I am able to test the MLC connection.

When I select <Authenticated> in groups, I am able to access the website, but when I select a group I am a member of, I cannot access.

Why is MLC group not working?

Audit (1):

Alert_actions    None

Alert_name    IPS

Alert_type    Attack

Area    server

Cmd    auditbotd

Date    2012-08-16 11:50:08 +0400

Domain    Abot

Dropped_count    2

End_time    2012-08-16 11:50:08 +0400

Event    alert dropped

Facility    auditbotd

Logid    0

Num_events    1

Pid    1081

Priority    major

Reason    alert within alarm interval

Sacap_filter    (type AUDIT_T_ATTACK)&&(priority AUDIT_P_EMERGENCY || priority AUDIT_P_ALERT || priority AUDIT_P_CRIT || priority AUDIT_P_FATAL || priority AUDIT_P_MAJOR)

Start Time    2012-08-16 11:50:08 +0400

Syslog    3

Syslog    Errors (3)

Type    alert

Audit(2):

App Risk    low

App_categories    infrastructure

Application    HTTP

Area    general_area

Attackip :myipaddress

Attackzone    internal

Auth_method    Passive (MLC)

Category    policy_violation

Date    2012-08-16 11:53:15 +0400

Dest Port    80

Dest Zone    external

Dst_geo    MY

Dstip    58.26.1.42

Event    ACL deny

Facility    kernel_ipfilter

Netsessid    28c23502ca6eb

Priority    major

Protocol    6

Reason    Traffic denied by policy.

Rule_name    <Deny All>

Source Port    50991

Source Zone    internal

Srcip    myipaddress

Syslog    2

Syslog    Critical (2)

Type    attack

1 Solution

Accepted Solutions

Re: Authentication problem on MFE using MLC


It seems that there was a sync problem with my MLC Group and Users on the server. Manually synchronizing the Group and Users did the thing.

2 Replies
PhilM

Re: Authentication problem on MFE using MLC


The audit messages (particularly the 2nd one) suggest that the Firewall is unable to match you to the rule you have created and as a result the connection is falling through and hitting the "Deny All" rule.

Go to the Policy -> Rule Elements -> Passport screen and click on the "Manage Passports" button (in the top right-hand corner). This should present you with a list of authenticated user accounts passed to the Firewall by MLC.

Can you see your user session in the list and does the "External Group" column include the group you have assigned to your HTTP browsing rule?

-Phil.
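
The reading of the second audit record given in the reply above can be applied to a whole audit export. The following is an added example, not part of the original thread or of the product: it assumes records are laid out as pasted in this thread (an `Audit(n):` header, then one field name and value per line separated by a tab or two or more spaces), and the sample records and 192.0.2.x addresses are constructed.

```python
import re

# Constructed sample in the layout pasted in this thread; addresses are placeholders.
SAMPLE = """\
Audit(1):
Auth_method    Passive (MLC)
Dest Port    80
Event    ACL deny
Rule_name    <Deny All>
Srcip    192.0.2.10
Audit(2):
Alert_name    IPS
Event    alert dropped
Reason    alert within alarm interval
Audit(3):
Event    ACL deny
Rule_name    <Deny All>
Srcip    192.0.2.12
"""

HEADER = re.compile(r"^Audit\s*\((\d+)\):$")      # matches "Audit(2):" and "Audit (1):"
FIELD = re.compile(r"^(.+?)(?:\t+| {2,})(.+)$")   # field names may contain one space

def parse_audit(text):
    """Split pasted audit text into one dict per record."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            current = {"_id": int(m.group(1))}
            records.append(current)
            continue
        m = FIELD.match(line)
        if m and current is not None:
            # A repeated field name (Syslog appears twice above) keeps its first value.
            current.setdefault(m.group(1).strip(), m.group(2).strip())
    return records

def mlc_fallthrough(records):
    """Denies by the catch-all rule on records that carry an MLC auth method."""
    return [r for r in records
            if r.get("Event") == "ACL deny"
            and r.get("Rule_name") == "<Deny All>"
            and "MLC" in r.get("Auth_method", "")]

if __name__ == "__main__":
    for r in mlc_fallthrough(parse_audit(SAMPLE)):
        print(f"Audit({r['_id']}): {r.get('Srcip')} fell through to {r['Rule_name']}; "
              "compare the passport's External Group with the rule's group")
```

Each record it reports is a candidate for the Manage Passports check described above.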
