We are seeing error message in our logs that is a audit error entry. It says that the connect from an IP Address to 0.0.0.0:listening port has been rejected. The help text when I click on the error reads "Connection rejected - not allowed by ACL (CC Mode only).".
After some investigation we found that for some reason the appliance is in Common criteria mode.
The HTTPS front-side handler associated with the port on which the connection are being reject has an ACL configured.
We have 3 other appliance that are not in common criteria mode with the same HTTPS front side handler configuration, however we are not getting the same error entry in the log.
I have not been able to find out exactly what is changed in common criteria mode.
So the question is if I am only seeing the error logged on one DataPower because it is in common criteria mode, but the same behavior happens on all the appliance and is just not logged on the other.
Or is common criteria changing the working of the DataPower.
This topic has been locked.
4 replies Latest Post - 2012-11-05T10:32:16Z by SystemAdmin
Pinned topic Common criteria mode
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2012-11-05T10:32:16Z at 2012-11-05T10:32:16Z by SystemAdmin
Liv2luv 270002M1RW573 PostsACCEPTED ANSWER
Re: Common criteria mode2012-08-29T12:40:57Z in response to SystemAdminAs you've figured out, it is the Common Criteria (CC) mode not allowing a connection on 0.0.0.0
CC mode enforces additional security (EAL4 in case of DataPower) , see below:
Re: Common criteria mode2012-08-29T15:30:46Z in response to Liv2luvThanks for the feedback.
I do have many other front-side handlers on the appliances that works perfectly without problems listening on 0.0.0.0. There is one difference and that this is the only FSH with an ACL.
To further complicate the problem I can see accepted connection in the xact log from the same the same IP and looking closer at the logs, it seems like the connection is accepted, based on the exact log and rejected the audit error in the system log.
It almost seems that it is incorrectly logging the event in the system log.