cancel
Showing results for 
Search instead for 
Did you mean: 

Bypass Authentication

Jump to solution

I know this topic has been talked about a lot.  I'd like to bypass authentication for a IP or range of IP's.  If I edit the rule set and put in the IP that should bypass authentication, it doesn't work.  If it put an actual rule, it bypasses authentication just fine. What am I missing here?  I feel like this is a pretty stupid question but kind of stumped.

6-7-2011 3-10-14 PM.jpg

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: Bypass Authentication

Jump to solution

Shot in the dark but, I would guess the problem is related to logic of the top level criteria. You are using some negative logic which can be tricky.

You are saying:

Client.IP is not in this list OR Client.IP is not in this list.

You most likley need to say:

Client.IP is not in this list AND Client.IP is not in this list.

0 Kudos
4 Replies
jont717
Level 12

Re: Bypass Authentication

Jump to solution

Seems like this should work, but the best way to do it is by an actual rule, which you already said does work.

Have authentication set to always, then make rules for any type of authentication bypass you want and put these before the actual authentication happens.

This is the way I do it because we also have URL bypass lists.

0 Kudos
McAfee Employee

Re: Bypass Authentication

Jump to solution

Shot in the dark but, I would guess the problem is related to logic of the top level criteria. You are using some negative logic which can be tricky.

You are saying:

Client.IP is not in this list OR Client.IP is not in this list.

You most likley need to say:

Client.IP is not in this list AND Client.IP is not in this list.

0 Kudos

Re: Bypass Authentication

Jump to solution

Changing it to "AND" fixed the issue!  I would've that the OR statement should have worked, but I'm honestly not the best a logic at times.  Thanks again jont717 and Jon S for the helpful advice!

0 Kudos
McAfee Employee

Re: Bypass Authentication

Jump to solution

The reason it didnt work in the original setup (OR) is because, you would have to NOT be in both lists.

In the second setup (AND), you must NOT be in one of the lists.

If you want to read further into it, checkout the wiki article on truth tables, it was helpful for me (more in general rather than specifically to web gateway):

http://en.wikipedia.org/wiki/Truth_table

I was going to try and explain it a bit further, but was afraid I might add confusion.

0 Kudos