Why does a policy trace not match a rule based on username or group when the trace shows the user as authenticated.


Article ID: 167515


Updated On:


ProxySG Software - SGOS


When configuring a ProxySG appliance it is possible to setup multiple authentication realms that point to the same or different authentication authority or server.  When you create a rule based on username or group, the authentication realm used must match the realm used to request authenticatication.

For example, if you configure two realms Authrealm1 and Authrealm2 and configure all users to be authenticated against Authrealm2, any rules matched in the access layer based on username or group must be against user/groups in Authrealm2.  Any access rules created to match a user in Authrealm1 will not match and show as N/A or skipped.