Incorrectly set up <Admin> layers can produce log in-related issues and security risks such as the following:

1. Unable to logout from ProxySG Web-Console. Clicking the logout button will just refresh the page and administrator will still be logged in.
2. No password prompt when accessing the Web-Console. It will give access to anyone trying to login to proxy’s web-console without authentication.

These issues are produced when the <Admin> layer(s) is not set up correctly. A possible scenario is when an “Admin Access Layer” is present without a corresponding “Admin Auth Layer”, a rule in the “Admin Access Layer” such as the following results in unrestricted access:

<Admin>
    ALLOW admin.access=(READ, WRITE)

    The above rule will give anyone “Read-Write” access to the ProxySG without any authentication as there is no “Admin Auth Layer”.

Important: Admin Access Layers should be carefully designed. Rules like the one above can grant full admin rights to the wrong users.