R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101

○ Sending a trap message: When the status of a portal server changes, the access device sends
  a trap message to the network management server (NMS). The trap message contains the
  portal server name and the current state of the portal server.
○ Sending a log: When the status of a portal server changes, the access device sends a log
  message. The log message indicates the portal server name and the current state and original
  state of the portal server.
○ Disabling portal authentication—enabling portal authentication bypass: When the access
  device detects that a portal server is unreachable, it disables portal authentication on the
  interfaces that use the portal server (allows all portal users on the interfaces to access network
  resources). When the access device receives from the portal server portal heartbeat packets or
  authentication packets (such as logon requests and logout requests), it re-enables the portal
  authentication function.
You can configure any combination of the configuration items described as needed, with respect to the
following:
• If both detection methods are specified, a portal server will be regarded as unreachable as long as
  one detection method fails, and an unreachable portal server will be regarded as recovered only
  when both detection methods succeed.
• If multiple actions are specified, the access device will execute all the specified actions when the
  status of a portal server changes.
• The detection function configured for a portal server takes effect on an interface only after you
  enable portal authentication and reference the portal server on the interface.
To configure the portal server detection function:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Configure the portal server detection function.
    Command: portal server server-name server-detect method { http | portal-heartbeat } * action { log | permit-all | trap } * [ interval interval ] [ retry retries ]
    Remarks: Not configured by default. The portal server specified in the command must exist.

NOTE:
The portal heartbeat detection method works only when the portal server supports the portal server
heartbeat function. Currently, only the IMC portal server supports this function. To implement detection
with this method, you also need to configure the portal server heartbeat function on the IMC portal server
and make sure that the product of interval and retry is greater than or equal to the portal server heartbeat
interval. HP recommends configuring the interval to be greater than the portal server heartbeat interval
configured on the portal server.
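
The rules above can be checked against a saved configuration. The following Python example is added here and is not HP's code: it parses the server-detect command line shown in step 2 and flags the permit-all action (authentication bypass while the server is unreachable), a bypass with no log or trap, and an interval x retry product below the portal server heartbeat interval. The server names, timer values and finding labels are constructed, and both timers are assumed to be in the same unit.

```python
METHODS = {"http", "portal-heartbeat"}
ACTIONS = {"log", "permit-all", "trap"}

def parse_server_detect(line):
    """Parse one 'portal server NAME server-detect ...' line; None if it is not one."""
    tok = line.split()
    if len(tok) < 4 or tok[:2] != ["portal", "server"] or tok[3] != "server-detect":
        return None
    cfg = {"name": tok[2], "methods": set(), "actions": set(),
           "interval": None, "retry": None}
    section, i = None, 4
    while i < len(tok):
        t = tok[i]
        if t in ("method", "action"):        # keyword opens a list of values
            section = t
        elif t in ("interval", "retry"):     # keyword followed by one number
            cfg[t] = int(tok[i + 1])
            i += 1
        elif section == "method" and t in METHODS:
            cfg["methods"].add(t)
        elif section == "action" and t in ACTIONS:
            cfg["actions"].add(t)
        else:
            raise ValueError(f"unexpected token {t!r}")
        i += 1
    return cfg

def audit(cfg, server_heartbeat):
    """Return findings; server_heartbeat is the interval set on the portal server."""
    findings = []
    if "permit-all" in cfg["actions"]:
        findings.append("fail-open: authentication is bypassed while the server is unreachable")
        if not cfg["actions"] & {"log", "trap"}:
            findings.append("silent-bypass: no log or trap records the state change")
    if "portal-heartbeat" in cfg["methods"]:
        if cfg["interval"] is None or cfg["retry"] is None:
            findings.append("unchecked: interval or retry omitted, product cannot be checked")
        elif cfg["interval"] * cfg["retry"] < server_heartbeat:
            findings.append("timer-mismatch: interval x retry is below the server heartbeat interval")
    return findings

# Constructed sample lines (server names and timer values are made up).
SAMPLE = [
    "portal server pts1 server-detect method portal-heartbeat action permit-all interval 20 retry 2",
    "portal server pts2 server-detect method http portal-heartbeat action log trap interval 60 retry 3",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line.split()[2], audit(parse_server_detect(line), server_heartbeat=50))
```
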
Configuring portal user information synchronization
Once the access device loses communication with a portal server, the portal user information on the
access device and that on the portal server may be inconsistent after the communication resumes. To
solve this problem, the firewall (access device) provides the portal user information synchronization
function. This function is implemented by sending and detecting the portal synchronization packet. The
process is as follows:
1. The portal server sends the online user information to the access device in a user synchronization
packet at the user heartbeat interval, which is set on the portal server.