R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101

undo portal server server-name user-sync
View
System view
Default level
2: System level
Parameters
server-name: Name of a portal server, a case-sensitive string of 1 to 32 characters. The specified portal
server must already exist.
user-sync: Enables the portal user synchronization function.
interval interval: Specifies the interval at which the firewall checks the user synchronization packets. The
interval argument ranges from 60 to 3600 and defaults to 300, in seconds.
retry retries: Specifies the maximum number of consecutive failed checks. The retries argument ranges
from 1 to 5 and defaults to 4. If the access device finds that one of its users does not exist in the user
synchronization packets from the portal server within N consecutive probe intervals (N = retries), it
considers that the user does not exist on the portal server and logs the user off.
Description
Use portal server user-sync to configure portal user information synchronization with a specific portal
server. With this function configured, the firewall periodically checks and responds to the user
synchronization packets received from the specified portal server, to keep the online user information
on the firewall and the portal server consistent.
Use undo portal server user-sync to cancel the portal user information synchronization configuration with
the specified portal server.
By default, the portal user synchronization function is not configured.
The user information synchronization function requires that a portal server supports the portal user
heartbeat function (currently only the IMC portal server supports portal user heartbeat). To implement the
portal user synchronization function, you also need to configure the user heartbeat function on the portal
server and make sure that the user heartbeat interval configured on the portal server is shorter than or
equal to the synchronization probe interval configured on the firewall.
Deleting a portal server on the firewall will delete the portal user synchronization configuration with the
portal server.
If you configure the user synchronization function for a portal server multiple times, the last
configuration takes effect. If you do not specify an optional parameter, the default setting of the
parameter is used.
For redundant user information on the firewall (information about users considered nonexistent on the
portal server), the firewall deletes the information during the (N+1)th probe interval, where N equals
the value of retries configured in the portal server user-sync command.
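The following Python model is an added illustration, not device code or vendor tooling. It checks a planned configuration against the ranges and the heartbeat constraint stated above and replays the consecutive-miss counting with removal in the (N+1)th probe interval. The function names, the sample users, and the per-interval packet sets are constructed assumptions.

```python
# Added illustration: a simplified model of the user-sync check, not device code.
INTERVAL_RANGE = (60, 3600)  # probe interval in seconds (default 300), per the reference
RETRY_RANGE = (1, 5)         # consecutive failed checks (default 4), per the reference


def validate(interval=300, retries=4, heartbeat=None):
    """Return the problems found in a planned user-sync configuration."""
    problems = []
    if not INTERVAL_RANGE[0] <= interval <= INTERVAL_RANGE[1]:
        problems.append("interval outside 60-3600 seconds")
    if not RETRY_RANGE[0] <= retries <= RETRY_RANGE[1]:
        problems.append("retry outside 1-5")
    # The portal server's user heartbeat interval must not exceed the probe interval.
    if heartbeat is not None and heartbeat > interval:
        problems.append("server heartbeat interval longer than probe interval")
    return problems


def stale_window(interval=300, retries=4):
    """Seconds of consecutive failed checks before a user counts as nonexistent."""
    return interval * retries


def simulate(online, packets, retries=4):
    """Replay one set of reported users per probe interval.

    Returns {user: probe interval in which the firewall removes the user},
    which is interval N+1 after N = retries consecutive failed checks.
    """
    misses = {user: 0 for user in online}
    removed = {}
    for n, reported in enumerate(packets, start=1):
        for user in sorted(misses):
            if user in removed:
                continue
            if misses[user] >= retries:   # N failed checks already counted
                removed[user] = n         # deleted during the (N+1)th interval
            elif user in reported:
                misses[user] = 0          # seen again: the count restarts
            else:
                misses[user] += 1
    return removed


# Constructed sample: bob never appears, carol appears only in the 2nd packet.
SAMPLE_ONLINE = {"alice", "bob", "carol"}
SAMPLE_PACKETS = [{"alice"}, {"alice", "carol"}, {"alice"}, {"alice"}, {"alice"}]
```

With retries set to 2, the sample removes bob in the third interval and carol in the fifth, because carol's single appearance restarts her count. Both the defaults (300 seconds, 4 retries) and the values used in the Examples section (600 seconds, 2 retries) leave a session that the portal server has dropped in place for 1200 seconds of failed checks.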
Examples
# Configure the firewall to synchronize portal user information with portal server pts, setting the
synchronization probe interval to 600 seconds and specifying that the firewall log off users if
information of the users does not exist in the user synchronization packets sent from the server in
two consecutive probe intervals.
<Sysname> system-view