[IAG] Before authentication, the user can access the specified website directly without authentication: Pre-authentication policy configuration error
Problem Description
For intranet users to perform password authentication, it is necessary to allow access to designated internal websites before authentication. After the strategy is made, intranet users can access all websites without authentication.
Process——
- Check the authentication policy, configure password authentication, and enable the advanced option of post-authentication processing to use this group of permissions to access the Internet before authentication.
- Check the configured pre-authentication policy and find that a policy of allowing access is made, but there is no policy of denying all applications, which causes users to directly use the permissions of this group to access the Internet.
42215b8018def1f4d.png (50.32 KB) - Modify the Internet access policy, add a deny all policy after the open policy, and implement the open access to the specified website before authentication
834225b80197192205.png (53.22 KB)
solution
Add a deny all policy after the release policy to allow the specified website to be accessed before authentication
Original Link
https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=6364&isOpen=true