From CCSA Manual: “Connections that need to be made directly to the gateway, such as Client Authentication, encryption, and Content Vectoring Protocol (CVP) rules, always go above the Stealth rule.” (“The Rule Base” section, “Cleanup and Stealth Rules”).
This is how I understand it:
The authentication rule is undoubtedly rule 4 (user auth --- User Authentication allows you to provide authentication for five different services: Telnet, rlogin, HTTP, HTTPS, and FTP). From the rulebase we guess that HTTP specifically is how we will want the user to authenticate to the destination server webSingapore. This means that the fw will intercept this HTTP authentication to the server and (I suppose) will redirect us to a FW-1 HTTP window where we authenticate. This exactly matches the condition on rule 4, because now we will be connecting to the fw, so it will drop this, and so the redirection to HTTP on the fwsingapore won't appear and we won't be able to authenticate through the fw and therefore also not with our destination server.
That makes no sense. If the traffic is accepted by rule 2, then it can't be dropped by rule 3.
I don't see any issue here, to be honest. This is user authentication (not client authentication), so there is no need to authenticate directly to the security gateway. Hence the stealth rule is not an issue.
upvoted 4 times
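The ordering point in the CCSA Manual quote at the top of this thread, as an added example (not from the manual, the exam or any commenter): a first-match evaluator over a constructed rulebase that flags rules addressed to the gateway but placed below the stealth rule. All object names, rule names and the rulebase itself are constructed for illustration and are not the rulebase from the question.

```python
from dataclasses import dataclass

ANY = "Any"

@dataclass(frozen=True)
class Rule:
    num: int
    name: str
    src: str
    dst: str
    service: str
    action: str  # constructed labels: accept, drop, client_auth, user_auth

def matches(rule, src, dst, service):
    """A column matches when it is Any or equals the connection's value."""
    return all(r in (ANY, p) for r, p in
               ((rule.src, src), (rule.dst, dst), (rule.service, service)))

def first_match(rulebase, src, dst, service):
    """Top-down evaluation: the first matching rule decides the connection."""
    for rule in rulebase:
        if matches(rule, src, dst, service):
            return rule
    return None

def find_stealth(rulebase, gateway):
    """Stealth rule: first rule dropping Any source / Any service to the gateway."""
    for rule in rulebase:
        if (rule.src, rule.dst, rule.service, rule.action) == (ANY, gateway, ANY, "drop"):
            return rule
    return None

def shadowed_by_stealth(rulebase, gateway):
    """Rules whose Destination is the gateway but that sit below the stealth
    rule can never be reached. Only the Destination column is inspected."""
    stealth = find_stealth(rulebase, gateway)
    if stealth is None:
        return []
    return [r for r in rulebase if r.dst == gateway and r.num > stealth.num]

# Constructed sample rulebase (hypothetical objects, not from the exam question).
GATEWAY = "fw_example"
RULEBASE = [
    Rule(1, "Admin SSH", "admin_net", GATEWAY, "ssh", "accept"),
    Rule(2, "Stealth", ANY, GATEWAY, ANY, "drop"),
    Rule(3, "Client Auth to gateway", "branch_net", GATEWAY, "auth_port", "client_auth"),
    Rule(4, "User Auth to web server", "branch_net", "web_server", "http", "user_auth"),
    Rule(5, "Cleanup", ANY, ANY, ANY, "drop"),
]

if __name__ == "__main__":
    for r in shadowed_by_stealth(RULEBASE, GATEWAY):
        print(f"rule {r.num} ({r.name}) is unreachable below the stealth rule")
```

In this constructed rulebase only rule 3 is flagged; rule 4 is not, because its Destination column is the web server rather than the gateway.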