Access to ProxySG management console GUI is prompting for credentials even though policy is configured to allow access from source IP address

book

Article ID: 169111

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

You may have relied on admin access policy configuration to allow administrators at specified client IP addresses to access the management console of the ProxySG on SGOS 6.6.2.x and prior without getting prompted for authentication credentials. 

For example, the following CPL policy allows administrators accessing from the source IP address of 10.11.12.13 to access the management console with read-write privileges without getting prompted for credentials in 6.5.9.8:

<Admin> 
ALLOW client.address=10.11.12.13 admin.access=(READ, WRITE)

After upgrading to 6.6.3.2, the following policy will still be effective but administrators at the specified source IP address will be prompted for authentication credentials. 

Cause

As of SGOS 6.6.3.2 and later, for security purposes, the ProxySG no longer supports unauthenticated administrator access. That means no matter how admin access policy is configured, access to the management console will now always prompt for authentication credentials.

Resolution

Any administrator that should be granted access to the management console of the ProxySG should be given a username and password. When providing the built-in console account credentials is not practical, it is necessary to configure admin authentication using authentication services, such as Microsoft Active Directory (see Use policy to control ProxySG administrator access for more information). Alternatively, you can also configure a local authentication realm on the ProxySG (see Configuring local realm for management console access on ProxySG for more information).