Using a different authentication mode based on protocol.
HTTP web requests work with authentication, but FTP connections don't work correctly with authentication.
Some application requests work, but most of the time they fail.
My application is not able to get out to the internet. How can I work around the problem?
This example does not bypass authentication. It gives an example where a particular authentication mode may not work for all protocols (for example proxy-ip not working correctly with FTP). It may be necessary to authenticate the user with a different mode in order for authentication to work. One such example is the FTP protocol and the proxy-ip authentication mode. When using the proxy-ip mode with FTP, the first authentication request succeeds, but subsequent authentication requests result in the FTP connection failing. To address the problem, for FTP traffic, you use the proxy authentication mode instead of the proxy-ip mode.
This example assumes that you already have policy in place to authenticate users and that the authentication mode used is proxy-ip. The following steps will help you create a second authentication object that uses a different authentication mode than the one currently configured. In this example, any FTP traffic (FTP traffic uses TCP port 21) will be authenticated using the proxy mode instead of the proxy-ip mode.
NOTE: The Web Access layer does not need any new rules because the request is still being authenticated. It is just using a different mode of authentication.