12 Jun
2018
12 Jun
'18
5:46 a.m.
Just curiosity really. My inner-tunnel configuration is appended below. It seems that my update to the outer session state has to be in both the main post-auth section and the REJECT subsection. Seems a bit counter- intuitive; what I would expect is the main section to apply to both ACCEPTs and REJECTs and then subsections to be applied additionally where appropriate. So just wondering what the rationale is. post-auth { #sql update outer.session-state { &User-Name = &User-Name } Post-Auth-Type REJECT { update outer.session-state { &User-Name = &User-Name } attr_filter.access_reject } }