2 Replies Latest reply on Aug 28, 2012 12:23 AM by gnn_nicolas

    Authentication problem on MFE using MLC



      I am having an issue with rules on a Firewall I've been testing.

      I use (Passive) MLC and I am able to test the MLC connection.



      When I select <Authenticated> in groups, I am able to access the website, but when I select a group I am a member of, I cannot access it.

      Why is the MLC group not working?


      Audit (1):

      Alert_actions    None

      Alert_name    IPS

      Alert_type    Attack

      Area    server

      Cmd    auditbotd

      Date    2012-08-16 11:50:08 +0400

      Domain    Abot

      Dropped_count    2

      End_time    2012-08-16 11:50:08 +0400

      Event    alert dropped

      Facility    auditbotd

      Logid    0

      Num_events    1

      Pid    1081

      Priority    major

      Reason    alert within alarm interval

      Sacap_filter    (type AUDIT_T_ATTACK)&&(priority AUDIT_P_EMERGENCY || priority AUDIT_P_ALERT || priority AUDIT_P_CRIT || priority AUDIT_P_FATAL || priority AUDIT_P_MAJOR)

      Start Time    2012-08-16 11:50:08 +0400

      Syslog    3

      Syslog    Errors (3)

      Type    alert




      App Risk    low

      App_categories    infrastructure

      Application    HTTP

      Area    general_area

      Attackip :myipaddress

      Attackzone    internal

      Auth_method    Passive (MLC)

      Category    policy_violation

      Date    2012-08-16 11:53:15 +0400

      Dest Port    80

      Dest Zone    external

      Dst_geo    MY


      Event    ACL deny

      Facility    kernel_ipfilter

      Netsessid    28c23502ca6eb

      Priority    major

      Protocol    6

      Reason    Traffic denied by policy.

      Rule_name    <Deny All>

      Source Port    50991

      Source Zone    internal

      Srcip    myipaddress

      Syslog    2

      Syslog    Critical (2)

      Type    attack

        • 1. Re: Authentication problem on MFE using MLC

          The audit messages (particularly the 2nd one) suggest that the Firewall is unable to match you to the rule you have created and as a result the connection is falling through and hitting the "Deny All" rule.


          Go to the Policy -> Rule Elements -> Passport screen and click on the "Manage Passports" button (in the top right-hand corner). This should present you a list of authenticated user accounts passed to the Firewall by MLC.


          Can you see your user session in the list and does the "External Group" column include the group you have assigned to your HTTP browsing rule?



          • 2. Re: Authentication problem on MFE using MLC

            It seems that there was a sync problem with my MLC Group and Users on the server. Manually synchronizing the Group and Users did the thing.
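
The first reply reads the second audit record as an identified session falling through to the `<Deny All>` rule. The Python below is an added example, not part of the original thread, that looks for the same pattern across many records. It assumes the `Field    value` layout shown in the question (two or more spaces between name and value, blank line between records) and that a deny carrying `Auth_method` means the session was identified but no group rule matched. The function names and sample data are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the "Field    value" layout of the audit output quoted
# in the question; blank lines separate records. IPs are placeholder addresses.
SAMPLE = """\
Event    alert dropped

Auth_method    Passive (MLC)
Event    ACL deny
Rule_name    <Deny All>
Srcip    192.0.2.10

Event    ACL deny
Rule_name    <Deny All>
Srcip    192.0.2.77

Auth_method    Passive (MLC)
Event    ACL deny
Rule_name    <Deny All>
Srcip    192.0.2.10
"""

def parse_records(text):
    """Split blank-line-separated records into dicts (first value wins on repeats)."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            # Field names may contain single spaces ("Dest Port"), so split on 2+.
            parts = re.split(r"\t|\s{2,}", line.strip(), maxsplit=1)
            if len(parts) == 2:
                rec.setdefault(parts[0], parts[1].strip())
        records.append(rec)
    return records

def identity_fallthrough(records, default_rule="<Deny All>"):
    """Denies on the catch-all rule for sessions that carry an Auth_method."""
    return [r for r in records
            if r.get("Event") == "ACL deny"
            and r.get("Rule_name") == default_rule
            and r.get("Auth_method")]

def summarize(records):
    """Count fall-through denies per source IP."""
    return Counter(r.get("Srcip", "?") for r in identity_fallthrough(records))

if __name__ == "__main__":
    for src, n in summarize(parse_records(SAMPLE)).most_common():
        print(f"{src}: {n} authenticated denies on catch-all; check passport groups")
```

A source address that shows up here is a candidate for the Manage Passports check described in the first reply, and for the group and user resynchronization that resolved this thread.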