Incorrectly set up <Admin> layers can produce login-related issues and security risks such as the following:
These issues occur when the <Admin> layers are not set up correctly. One possible scenario: when an “Admin Access Layer” is present without a corresponding “Admin Auth Layer”, a rule in the “Admin Access Layer” such as the following results in unrestricted access:
<Admin>
ALLOW admin.access=(READ, WRITE)
The above rule gives anyone “Read-Write” access to the ProxySG without any authentication, because there is no “Admin Auth Layer”.
Important: Admin Access Layers should be carefully designed. Rules like the one above can grant full admin rights to the wrong users.
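One way to audit an exported policy for the scenario above, as an added example that is not part of the original page and is not vendor code. It assumes the “Admin Auth Layer” appears in the policy text as an <Admin> layer containing an authenticate(<realm>) action; the function names, the sample policies and the realm name local_realm are constructed for illustration.

```python
import re

# Layer header such as <Admin> or <Admin "Admin Access Layer (1)">
LAYER_RE = re.compile(r"^\s*<\s*([A-Za-z-]+)\b[^>]*>")
# Assumed form of the Admin Auth Layer action; authenticate(no) does not count
AUTH_RE = re.compile(r"\bauthenticate\s*\(\s*(?!no\s*\))[^)\s]", re.I)
# A rule that grants admin access, like the one quoted on this page
GRANT_RE = re.compile(r"^\s*allow\b.*\badmin\.access\s*=", re.I)


def admin_layer_rules(cpl):
    """Return one list of rule lines per <Admin> layer in the policy text."""
    layers, current = [], None
    for raw in cpl.splitlines():
        line = raw.split(";", 1)[0].strip()  # simplified: ';' starts a comment
        if not line:
            continue
        header = LAYER_RE.match(line)
        if header:
            current = None
            if header.group(1).lower() == "admin":
                current = []
                layers.append(current)
                line = line[header.end():].strip()  # rule text on the header line
            if not line or current is None:
                continue
        if current is not None:
            current.append(line)
    return layers


def unauthenticated_admin_grants(cpl):
    """Return admin.access ALLOW rules when no <Admin> layer authenticates."""
    rules = [r for layer in admin_layer_rules(cpl) for r in layer]
    if any(AUTH_RE.search(r) for r in rules):
        return []
    return [r for r in rules if GRANT_RE.search(r)]


# Constructed sample policies; "local_realm" is a made-up realm name.
ACCESS_ONLY = "<Admin>\nALLOW admin.access=(READ, WRITE)\n"
WITH_AUTH = "<Admin>\n  authenticate(local_realm) ; auth layer\n" + ACCESS_ONLY

if __name__ == "__main__":
    for name, policy in (("ACCESS_ONLY", ACCESS_ONLY), ("WITH_AUTH", WITH_AUTH)):
        print(name, unauthenticated_admin_grants(policy))
```

The check only reports whether any <Admin> layer authenticates; it does not evaluate rule order or conditions, so a clean result still needs a manual review of who the access rules match.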