localhost Allowed in a User Authentication rule Using the following rule with the :prompt_for_destination property set to true, "localhost" will be allowed. src dest services action track install-on users@any NOT firewall telnet user auth long gatewaysHost network objects are defined by the IP addresses and network interfaces that are associated with that object. The negation of a host object, i.e. NOT the host object, means "IP addresses not associated with that host or gateway object". In the case of the firewall network object, "NOT firewall" really means "anything that is not an IP address associated with object definition of the firewall."
The simplest resolution to this problem is to create a host object with the IP address 127.0.0.1 and add it to your rule, e.g.: src dest services action track install-on users@any NOT firewall telnet user auth long gateways NOT localhost--
PhoneBoy - 30 Dec 2003
FAQForm FAQs.Class:
AuthenticationFAQs OperatingSystem?: FAQs.Version:
localhost Allowed in a User Authentication rule 
2005-08-13 
localhost Allowed in a User Authentication rule 
Linear Mode
