[8.930][MYTH] Screen Access

In access1.jpg, with permissions of the user auditor has permissions to enable access and configure Site-to-Site VPN (Amazon VPC). Wrong, because it should only view the status of the tunnel.

In access2.jpg, with permissions of the user auditor does not have permissions to Netflow. He should see the network traffic, but not set up the shaper to control bandwidth.

In access3.jpg, 8.3*** and 8930 versions, the user without logging in, you view administrative pages.

Parents

0 wingman over 13 years ago

Hi Cristof

Let me try to interpret this.

Pciture 1: User "aeris" has been assigned with auditor permissions only, however, it seems that he is able to configure Site-to-Site VPN (instead he should be allowed only to view the status based on his access)

picture 2: Same user,same access. He can view the netflow but not shape any traffic

Picture 3: Possible a bug as even though you haven't authenticated to the UTM you are still able to view the netflow window by using the URL

Thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 wingman over 13 years ago

Hi Cristof

Let me try to interpret this.

Pciture 1: User "aeris" has been assigned with auditor permissions only, however, it seems that he is able to configure Site-to-Site VPN (instead he should be allowed only to view the status based on his access)

picture 2: Same user,same access. He can view the netflow but not shape any traffic

Picture 3: Possible a bug as even though you haven't authenticated to the UTM you are still able to view the netflow window by using the URL

Thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Siarom over 13 years ago in reply to wingman

Hi Cristof

Let me try to interpret this.

Pciture 1: User "aeris" has been assigned with auditor permissions only, however, it seems that he is able to configure Site-to-Site VPN (instead he should be allowed only to view the status based on his access)

picture 2: Same user,same access. He can view the netflow but not shape any traffic

Picture 3: Possible a bug as even though you haven't authenticated to the UTM you are still able to view the netflow window by using the URL

Thanks

Thank you! Sorry by my Google English Translator … yet I'm working on it! :-P
-Netflow not only the URL, but other URLS, logs are also displayed, even without logging in.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 PaulHolt over 13 years ago in reply to Siarom

Interesting, I can copy the URL to an unauthenticated brower and get the correct UTM screen, flow montior or log, but no data appears. Do you get data Siarom?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 PaulHolt over 13 years ago in reply to PaulHolt

I just created an audit user and there are a few pages you can get access to but can't make any changes. Hmmm, should be like the other pages, no access at all.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Siarom over 13 years ago in reply to PaulHolt

Interesting, I can copy the URL to an unauthenticated brower and get the correct UTM screen, flow montior or log, but no data appears. Do you get data Siarom?

Hi, data not appears... but the access into url without authentication don't should occurs. There should be a redirect to the loggin page...
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 PaulHolt over 13 years ago in reply to Siarom

I agree, it should take you to a login.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

[8.930][MYTH] Screen Access

Submitted a Tech Support Case lately from the Support Portal?