R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101
2. Upon receiving the user synchronization packet, the access device checks the user information
carried in the packet with its own. If the access device finds a nonexistent user in the packet, it
informs the portal server of the information and the portal server will delete the user. If the access
device finds that one of its users does not appear in the user synchronization packets within N
consecutive synchronization probe intervals (N is equal to the value of retries configured in the
portal server user-sync command), it considers that the user does not exist on the portal server and
logs the user off.
To configure the portal user information synchronization function:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Configure the portal user information synchronization function. | portal server server-name user-sync [ interval interval ] [ retry retries ] | Not configured by default. The portal server specified in the command must exist. This function can take effect only when the specified portal server is referenced on the interface connecting the users. |
NOTE:
• The user information synchronization function requires that a portal server supports the portal user heartbeat function (currently only the IMC portal server supports portal user heartbeat). To implement the portal user synchronization function, you also need to configure the user heartbeat function on the portal server and make sure that the product of interval and retry is greater than or equal to the portal user heartbeat interval. HP recommends configuring the interval to be greater than the portal user heartbeat interval configured on the portal server.
• For redundant user information on the firewall (user information for users who are considered nonexistent on the portal server), the firewall deletes the information during the (N+1)th interval, where N is equal to the value of retries configured in the portal server user-sync command.
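The device-side bookkeeping described in step 2 and the timing rule in the NOTE, modelled in Python as an added example. This is not HP code: the class and function names, the sample users, and the choice to log a user off at the end of the Nth missed interval are assumptions.

```python
# Added example: a model of the access device's side of portal user
# synchronization. Class and function names are hypothetical.

def timing_ok(interval, retries, heartbeat):
    """NOTE constraint: interval * retries >= portal user heartbeat interval."""
    return interval * retries >= heartbeat


class AccessDevice:
    def __init__(self, users, retries):
        self.retries = retries                # N in the text
        self.missed = {u: 0 for u in users}   # consecutive intervals without the user

    def end_interval(self, reported):
        """Close one synchronization probe interval.

        reported: users seen in synchronization packets during the interval.
        Returns (unknown, logged_off): users the device reports to the portal
        server for deletion, and local users the device logs off.
        Assumption: the log-off is modelled at the end of the Nth missed interval.
        """
        reported = set(reported)
        unknown = sorted(reported - set(self.missed))
        logged_off = []
        for user in sorted(self.missed):
            if user in reported:
                self.missed[user] = 0         # seen again: the run of misses is broken
                continue
            self.missed[user] += 1
            if self.missed[user] >= self.retries:
                logged_off.append(user)
        for user in logged_off:
            del self.missed[user]
        return unknown, logged_off


def run(users, retries, intervals):
    """Feed a list of per-interval reported-user sets through the device."""
    device = AccessDevice(users, retries)
    return [device.end_interval(r) for r in intervals]


# Constructed sample with retries = 3: bob never appears, alice misses two
# intervals and then returns, mallory is unknown to the device.
SAMPLE = [{"alice"}, {"mallory"}, set(), {"alice"}]

if __name__ == "__main__":
    for n, (unknown, off) in enumerate(run({"alice", "bob"}, 3, SAMPLE), 1):
        print(f"interval {n}: report to portal server={unknown} logged off={off}")
```

In the sample, alice survives because her two misses are not followed by a third consecutive one, while bob is logged off after three.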
Logging off portal users
Logging off a user terminates the authentication process for the user or removes the user from the
authenticated users list.
To log off portal users:
| Step | Command |
|---|---|
| 1. Enter system view. | system-view |
| 2. Log off portal users. | portal delete-user { ip-address \| all \| interface interface-type interface-number } |