F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Command Reference-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

141

142

143

144

145

146

147

148

149

150

133

function. Currently, only the IMC portal server supports this function. To implement detection with

this method, you also need to configure the portal server heartbeat function on the IMC portal

server and make sure that the server heartbeat interval configured on the portal server is shorter

than or equal to the probe interval configured on the device.

action { log | permit-all | trap }: Specifies the actions to be taken when the status of a portal server

changes. The following actions are available:

• log: Specifies the action as sending a log message. When the status (reachable/unreachable) of a

portal server changes, the access device sends a log message. The log message contains the portal

server name and the current state and original state of the portal server.

• permit-all: Specifies the action as disabling portal authentication—enabling portal authentication

bypass. When the device detects that a portal server is unreachable, it disables portal

authentication on the interface referencing the portal server, allowing all portal users on this

interface to access network resources. When the access device receives the portal server heartbeat

packets or authentication packets (such as login requests and logout requests), it re-enables the

portal authentication function.

• trap: Specifies the action as sending a trap message. When the status (reachable/unreachable) of

a portal server changes, the access device sends a trap message to the network management

server (NMS). Trap message contains the portal server name and the current state of the portal

server.

interval interval: Interval at which probe attempts are made. The interval argument ranges from 20 to

600 and defaults to 20, in seconds.

retry retries: Maximum number of probe attempts. The retries argument ranges from 1 to 5 and defaults

to 3. If the number of consecutive, failed probes reaches this value, the access device considers that the

portal server is unreachable.

Usage guidelines

You can specify one or more detection methods and the actions to be taken.

If both detection methods are specified, a portal server is regarded as unreachable as long as one

detection method fails, and an unreachable portal server is regarded as recovered only when both

detection methods succeed.

If multiple actions are specified, the system executes all the specified actions when the status of a portal

server changes.

Deleting a portal server on the device will delete the detection function for the portal server.

If you configure the detection function for a portal server for multiple times, the last configuration takes

effect. If you do not specify an optional parameter, the default setting of the parameter is used.

The portal server detection function takes effect only when the portal server is referenced on an interface.

Authentication-related packets from a portal server, such as logon requests and logoff requests, have the

same effect as the portal heartbeat packets for the portal server detection function.

Related command: display portal server.

Examples

# Configure the device to detect portal server pts:

• Specifying both the HTTP probe and portal heartbeat probe methods

• Setting the probe interval to 600 seconds