No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


When TSM SACG do connection, pre-authentication domain automatically release all traffic

Publication Date:  2012-09-13 Views:  692 Downloads:  0

Issue Description

The secospace_TSM sacg can not limit clients by pre-authentication domain.
Pre-authentication domain, SACG 3099display “rule1000 permit ip
The configuration :
default acl 3099
server ip port 3288 shared-key secospace
right-manager server-group active-minimum 3

The status display:
[USG2210] dis right-manager server-group
13:56:24 2010/06/02
Server-state: Enable
Server-number: 1
Server-ip-address port state master 3288 active Y

Alarm Information


Handling Process

Change active to 1 solve the problem.
default acl 3099
right-manager server-group active-minimum 1

Root Cause

Based on connection state, it can be seen that the number of active is 1. While in the original configuration the active-minimun is 3, it means that the smallest active is 3.  This time the firewall will open emergency channel, acl 3099 there will be a rule1000 permit ip rule.


Conditions for opening emergency channel:
1. Enable the open state monitoring
2. The number of the currently active server is less than the configured number of active number