I am having an issue with rules on a Firewall I've been testing.
I use (Passive) MLC and I am able to test the MLC connection.
When I select <Authenticated> in groups, I am able to access the website, but when I select a group I am a member of, I cannot access it.
Why is the MLC group not working?
Date 2012-08-16 11:50:08 +0400
End_time 2012-08-16 11:50:08 +0400
Event alert dropped
Reason alert within alarm interval
Sacap_filter (type AUDIT_T_ATTACK)&&(priority AUDIT_P_EMERGENCY || priority AUDIT_P_ALERT || priority AUDIT_P_CRIT || priority AUDIT_P_FATAL || priority AUDIT_P_MAJOR)
Start Time 2012-08-16 11:50:08 +0400
Syslog Errors (3)

App Risk low
Auth_method Passive (MLC)
Date 2012-08-16 11:53:15 +0400
Dest Port 80
Dest Zone external
Event ACL deny
Reason Traffic denied by policy.
Rule_name <Deny All>
Source Port 50991
Source Zone internal
Syslog Critical (2)
The audit messages (particularly the second one) suggest that the Firewall is unable to match you to the rule you have created and, as a result, the connection is falling through and hitting the "Deny All" rule.
Go to the Policy -> Rule Elements -> Passport screen and click on the "Manage Passports" button (in the top right-hand corner). This should present you with a list of authenticated user accounts passed to the Firewall by MLC.
Can you see your user session in the list, and does the "External Group" column include the group you have assigned to your HTTP browsing rule?