and Thank you LLigetfa, but what i am shocked from is that users has rule to allow them to use HTTPS , so why they r accessing the first rule in my rule orders ?
sometimes i see them with Failed Connection , and then below this , connection is Allow with a different rule that doesnt authenticate them to use it !!!
why secure sockets dont count ???
what if i want to use a Whitelist HTTPS access ?? then will it be useless , and users will still be able to use the IT Rule which permits everything ??
Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
Well... never trust what you read, especially on the internet. :p SSL does not count because the SSL packets are encrypted so the username cannot be garnered for the log. Test it for yourself.
_____________________________
The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.
Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
the subject of the topic was interesting and grapped my eyes , i started the monitoring and for the first time i see this is true with me also in one of my LANs ( didnt examine the others yet ).
Glad to hear that its just a LOG but not an actual situation were an anonymouse is using an Authenticated Rule !!!
so here is the question , is there other LOGs that also do not relate to a real situation
I was wondering myself how annoymous users were getting Allowed Connections on an Authenticated rule. :P
My question is though, will this access be picked up on an inbuilt report? Just trying at the moment to clean up the reports to minimise the occurance of IPs in the list instead of usernames...