R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101
NOTE:
• For information about installing and configuring the security policy server, see IMC EAD Security
Policy Help.
• The ACL for resources in the quarantined area and the ACL for restricted resources correspond to the
isolation ACL and the security ACL on the security policy server, respectively.
• You can modify the authorized ACLs on the access device. However, your changes take effect only for
portal users logging on after the modification.
Specifying a portal server for Layer 3 portal authentication
Use this task to specify portal server parameters for Layer 3 portal authentication, including the portal
server IP address, shared encryption key, server port, and the URL address for Web authentication.
To specify a remote portal server for Layer 3 portal authentication:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Specify a portal server and configure related parameters.
  Command: portal server server-name ip ip-address [ key key-string | port port-id | url url-string ] *
  Remarks: By default, no portal server is specified.
NOTE:
• You can specify at most four portal servers on the firewall.
• The specified parameters of a portal server can be modified or deleted only if the portal server is not
referenced on any interface.
Enabling Layer 3 portal authentication
Before enabling Layer 3 portal authentication on an interface, make sure that:
• An IP address is configured for the interface.
• The interface is not added to any port aggregation group.
• The portal server to be referenced on the interface exists.
Configuration guidelines
• You cannot enable portal authentication on a Layer 3 interface added to an aggregation group,
nor can you add a portal-enabled Layer 3 interface to an aggregation group.
• The destination port number that the firewall uses for sending unsolicited packets to the portal server
must be the same as the port that the remote portal server actually uses.
• The portal server and its parameters can be deleted or modified only when the portal server is not
referenced by any interface.
• Cross-subnet authentication mode (portal server server-name method layer3) does not require
Layer 3 forwarding devices between the access device and the authentication clients. However, if
there are Layer 3 forwarding devices between the authentication client and the access device, you
must select the cross-subnet portal authentication mode.
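The prerequisites and guidelines above can be checked against a saved configuration before portal authentication is enabled. The following Python script is an added example, not part of the HP guide: the sample configuration is constructed, the function name check_portal_config is hypothetical, and the "ip address" and "port link-aggregation group" line formats are assumptions about how the device displays its configuration.

```python
import re

# Constructed sample configuration, not taken from the guide. Only the two
# "portal server" command forms come from the page; the "ip address" and
# "port link-aggregation group" line formats are assumptions.
SAMPLE_CONFIG = """\
portal server pts1 ip 192.0.2.10 key EXAMPLE-KEY port 50100 url http://192.0.2.10/portal
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 portal server pts1 method layer3
interface GigabitEthernet0/2
 port link-aggregation group 1
 portal server pts2 method layer3
"""

MAX_PORTAL_SERVERS = 4  # the guide allows at most four portal servers

def check_portal_config(text):
    """Return findings for the prerequisites and limits stated in the guide."""
    servers, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():            # unindented line: global scope
            current = None
            if m := re.match(r"interface (\S+)$", line):
                current = interfaces.setdefault(
                    m.group(1), {"ip": False, "agg": False, "portal": []})
            elif m := re.match(r"portal server (\S+) ip \S+", line):
                servers.add(m.group(1))
        elif current is not None:            # indented line inside an interface
            if line.startswith("ip address "):
                current["ip"] = True
            elif line.startswith("port link-aggregation group "):
                current["agg"] = True
            elif m := re.match(r"portal server (\S+) method \S+", line):
                current["portal"].append(m.group(1))
    findings = []
    if len(servers) > MAX_PORTAL_SERVERS:
        findings.append(f"{len(servers)} portal servers defined; limit is {MAX_PORTAL_SERVERS}")
    for name, itf in interfaces.items():
        for srv in itf["portal"]:
            if not itf["ip"]:
                findings.append(f"{name}: portal enabled but no IP address configured")
            if itf["agg"]:
                findings.append(f"{name}: portal enabled on an aggregation group member")
            if srv not in servers:
                findings.append(f"{name}: references undefined portal server '{srv}'")
    return findings
```

On the constructed sample, GigabitEthernet0/1 passes and GigabitEthernet0/2 is reported for all three prerequisite violations.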