F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
[Firewall-isp-dm1] authentication portal radius-scheme rs1
[Firewall-isp-dm1] authorization portal radius-scheme rs1
[Firewall-isp-dm1] accounting portal radius-scheme rs1
[Firewall-isp-dm1] quit
# Configure domain dm1 as the default ISP domain for all users. Then, if a user enters a username
without any ISP domain at logon, the authentication and accounting methods of the default
domain are used for the user.
[Firewall] domain default enable dm1
3. Configure portal authentication:
# Configure a portal server on the firewall, specifying the portal server name as newpt, IP address
as 192.168.0.111, key as plaintext string portal, port number as 50100, and URL as
http://192.168.0.111:8080/portal.
[Firewall] portal server newpt ip 192.168.0.111 key simple portal port 50100 url http://192.168.0.111:8080/portal
# Enable portal authentication on the interface connecting the host.
[Firewall] interface gigabitethernet 0/2
[Firewall-GigabitEthernet0/2] portal server newpt method direct
[Firewall-GigabitEthernet0/2] quit
Verifying the configuration
Execute the following command to see whether the portal configuration has taken effect:
[Firewall] display portal interface gigabitethernet 0/2
Portal configuration of GigabitEthernet 0/2
IPv4:
Status: Portal running
Portal server: newpt
Authentication type: Direct
Authentication domain:
Authentication network:
The user can initiate portal authentication by using the HP iNode client or by accessing a webpage. All
the initiated Web requests are redirected to the portal authentication page
http://192.168.0.111:8080/portal. Before passing portal authentication, the user can access only the
authentication page. After passing portal authentication, the user can access Internet resources.
After the user passes the portal authentication, you can use the following command to view the portal
user information on the firewall.
[Firewall] display portal user interface gigabitethernet 0/2
Index:19
State:ONLINE
SubState:NONE
ACL:NONE
Work-mode:stand-alone
MAC              IP          Vlan   Interface
---------------------------------------------------------------------
0015-e9a6-7cfe   2.2.2.2     0      GigabitEthernet0/2
On interface GigabitEthernet0/2:total 1 user(s) matched, 1 listed.
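
The two verification steps above can be run as one check over captured output. This is an added example, not part of the HP guide: the function names and the expected-value arguments are assumptions, the sample text is copied from the output shown above, and the parser assumes each user's block in the `display portal user` output starts at an `Index:` line.

```python
import re
# Sample text copied from the two display outputs shown above.
IFACE_OUT = """Portal configuration of GigabitEthernet 0/2
IPv4:
Status: Portal running
Portal server: newpt
Authentication type: Direct
Authentication domain:
Authentication network:
"""
USER_OUT = """Index:19
State:ONLINE
SubState:NONE
ACL:NONE
Work-mode:stand-alone
MAC IP Vlan Interface
---------------------------------------------------------------------
0015-e9a6-7cfe 2.2.2.2 0 GigabitEthernet0/2
On interface GigabitEthernet0/2:total 1 user(s) matched, 1 listed.
"""
KV = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)\s*:\s*(.*)$")   # "Key: value" lines
ROW = re.compile(r"^\s*((?:[0-9a-f]{4}-){2}[0-9a-f]{4})\s+(\S+)\s+(\d+)\s+(\S+)", re.I)

def parse_users(text):
    """One dict per user; assumes each user's block starts at an 'Index:' line."""
    users = []
    for line in text.splitlines():
        kv, row = KV.match(line), ROW.match(line)
        if kv and kv.group(1) == "Index":
            users.append({})
        if kv and users:
            users[-1][kv.group(1)] = kv.group(2).strip()
        elif row and users:   # the MAC/IP/Vlan/Interface table row
            users[-1].update(zip(("MAC", "IP", "Vlan", "Interface"), row.groups()))
    return users

def check_portal(iface_out, user_out, server, method, interface):
    """Return a list of findings; an empty list means the output matches."""
    cfg = {m.group(1): m.group(2).strip() for m in map(KV.match, iface_out.splitlines()) if m}
    want = {"Status": "Portal running", "Portal server": server,
            "Authentication type": method}
    findings = ["%s is %r, expected %r" % (k, cfg.get(k), v)
                for k, v in want.items() if cfg.get(k) != v]
    online = [u for u in parse_users(user_out)
              if u.get("State") == "ONLINE" and u.get("Interface") == interface]
    if not online:
        findings.append("no ONLINE portal user on " + interface)
    return findings

print(check_portal(IFACE_OUT, USER_OUT, "newpt", "Direct", "GigabitEthernet0/2"))
```

An empty list means portal authentication is running on the interface with the expected server and method, and at least one authenticated user is listed on it.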