The customer’s USG firewall has turn on the WEB configuration, and set a user in the AAA view (the level is 3, the serve type is web). The inter-zone packet filter is right, and we can access the web pages, but the screen is always white after key in the username and password. We can’t access at last.
We enter the domain view and active the default domain. (state active)
Then we enter the web page, key in the username and password, the page isn’t timeout, but we the enough privilege to access. We modify the privilege from 0 to 7. (user-privilege 7)
We have solve this problem.
We can find that the default domain has these configurations: domain default, state block, user-privilege 0.
The reason is that the user configured in AAA view is belong to the default domain. We can’t pass the certification if this domain has been disabled.
We can access commonly if nobody set the domain because the domain is active. If we can’t pass the certification, we can check the domain’s configuration.