Manualshelf

R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
71727374757677787980
67
[Sysname-GigabitEthernet0/1] portal server pts method direct
portal server server-detect
Syntax
portal server server-name server-detect method { http | portal-heartbeat } * action { log | permit-all |
trap } * [ interval interval ] [ retry retries ]
undo portal server server-name server-detect
View
System view
Default level
2: System level
Parameters
server-name: Name of a portal server, a case-sensitive string of 1 to 32 characters. The specified portal
server must have existed.
server-detect method { http | portal-heartbeat }: Specifies the portal server detection method. Two
detection methods are available:
http: Probes HTTP connections. In this method, the access device (firewall) periodically sends TCP
connection requests to the HTTP service port of the portal servers enabled on its interfaces. If the
TCP connection with a portal server can be established, the access device considers that the HTTP
service of the portal server is open and the portal server is reachable—the detection succeeds. If the
TCP connection cannot be established, the access device considers that the detection fails—the
portal server is unreachable. If a portal server does not support the portal server heartbeat function,
you can configure the access device to use the HTTP probe method to detect the reachability of the
portal server.
portal-heartbeat: Probes portal heartbeat packets. Portal servers periodically send portal heartbeat
packets to the access devices. If the access device receives a portal heartbeat packet from a portal
server within the specified interval, the access device considers that the probe succeeds and the
portal server is reachable; otherwise, it considers that the probe fails and the portal server is
unreachable. This method is effective to only portal servers that support the portal heartbeat
function. Currently, only the IMC portal server supports this function. To implement detection with
this method, you also need to configure the portal server heartbeat function on the IMC portal
server and make sure that the server heartbeat interval configured on the portal server is shorter
than or equal to the probe interval configured on the access device.
action { log | permit-all | trap }: Specifies the actions to be taken when the status of a portal server
changes. The following actions are available:
log: Specifies the action as sending a log message. When the status (reachable/unreachable) of a
portal server changes, the access device sends a log message. The log message contains the portal
server name and the current state and original state of the portal server.
permit-all: Specifies the action as disabling portal authentication—enabling portal authentication
bypass. When the access device detects that a portal server is unreachable, it disables portal
authentication on the interface referencing the portal server, allowing all portal users on this
interface to access network resources. When the access device receives the portal server heartbeat
packets or authentication packets (such as login requests and logout requests), it re-enables the
portal authentication function.