Add IPv4 access rules for browser-based user authentication

Browser-based user authentication is not allowed by default in the Firewall Template policy. You must add a rule that allows this traffic in the Firewall Policy.

To reduce the risk of resource consumption or DoS (denial of service) attacks, we recommend limiting the number of connections from each source IP address. Under normal conditions, there should only be one connection at a time from each source IP address. However, incomplete connections or other network errors might temporarily result in more than one simultaneous connection attempt from the same IP address. Set the limit for your simultaneous connections according to your network environment so that the limit does not interfere with legitimate connection attempts.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click the Firewall Policy and select Edit.
    The policy opens for editing.
  2. Add the following IPv4 Access rule:
    Table 1. IPv4 Access rule for browser-based user authentication
    Source: ANY
    Destination: $$Local Cluster (CVI addresses only) or $$Interface ID X. (If specific listening interfaces are selected on the General tab in the Browser-Based User Authentication Properties.)
    Service: HTTP, HTTPS, or both (Port settings must be the same as defined on the General tab in the Browser-Based User Authentication Properties.)
    Action: Allow

    Connection tracking: Default

    Connection limit by Source: the number of simultaneous connection attempts you want to allow

  3. Install the policy to transfer the changes to the Firewall.
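
One way to choose a value for Connection limit by Source is to measure how many simultaneous connections each source IP address actually opens to the authentication ports. The following Python script is an added example, not part of the product or its documentation; the CSV layout (src, start, end), the sample rows, and the function names are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: one row per connection to the authentication listener.
# Assumed columns (not a product export format): source IP, open and close
# time in seconds.
SAMPLE_LOG = """src,start,end
10.0.0.5,0,30
10.0.0.5,10,12
10.0.0.5,11,40
10.0.0.7,5,6
10.0.0.7,6,9
10.0.0.9,0,100
10.0.0.9,1,100
10.0.0.9,2,100
10.0.0.9,3,100
10.0.0.9,4,100
"""

def load(text):
    """Parse the CSV text into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))

def peak_concurrency(rows):
    """Return {source IP: highest number of simultaneously open connections}."""
    events = defaultdict(list)
    for row in rows:
        events[row["src"]].append((float(row["start"]), 1))
        events[row["src"]].append((float(row["end"]), -1))
    peaks = {}
    for src, evs in events.items():
        # At equal timestamps, closes (-1) sort before opens (+1), so
        # back-to-back connections are not counted as overlapping.
        evs.sort()
        current = peak = 0
        for _, delta in evs:
            current += delta
            peak = max(peak, current)
        peaks[src] = peak
    return peaks

def sources_over_limit(peaks, limit):
    """Sources whose observed peak would have exceeded this limit."""
    return sorted(src for src, peak in peaks.items() if peak > limit)

if __name__ == "__main__":
    peaks = peak_concurrency(load(SAMPLE_LOG))
    for limit in (1, 3, 5):
        print(limit, sources_over_limit(peaks, limit))
```

Choose a limit above the peaks observed for legitimate clients; a source far above it, such as the constructed 10.0.0.9, is what the rule is meant to cap.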