Ive just setup a WAF rule for an internal WWW server and setup to use Forms with Passthrough auth policy, but to my shock no auth form of any kind was given when browsing the url meaning i hit the internal page instantly. Ive tried all sorts in attempts to get somekind of restrictions set on this WAF rule but nothing seems to work not even URL hardening or basic FQDN settings as i can even access via the IP on the wan port which shouldn't be possible in my past experience and even removing allowed networks altogether didn't work??
Anyone seen anything similar??
Thanks
This thread was automatically locked due to age.
