HP VPN Firewall Appliances Access Control Configuration Guide

The components of a portal system interact as follows:
1. When an unauthenticated user enters a website address in the browser's address bar to access the
Internet, an HTTP request is created and sent to the access device. The access device then redirects
the HTTP request to the portal server's Web authentication homepage. For extended portal
functions, authentication clients must run the portal client software.
2. On the authentication homepage/authentication dialog box, the user enters and submits the
authentication information, which the portal server then transfers to the access device.
3. Upon receipt of the authentication information, the access device communicates with the
authentication/accounting server for authentication and accounting.
4. After successful authentication, the access device checks whether there is a corresponding security
policy for the user. If not, it allows the user to access the Internet. Otherwise, the client
communicates with the access device and the security policy server for a security check. If the client
passes the security check, the security policy server authorizes the user to access the Internet
resources.
NOTE:
Portal authentication supports NAT traversal whether it is initiated by a Web client or an HP iNode client.
When the portal authentication client is on a private network, but the portal server is on a public network
and the access device is enabled with NAT, network address translations performed on the access device
do not affect portal authentication. However, in such a case, HP recommends using an interface's public
IP address as the source address of outgoing portal packets.
Portal system using the local portal server
The following matrix shows the feature and hardware compatibility:
Hardware                        Compatibility
F1000-A-EI/F1000-S-EI           Yes
F1000-E                         No
F5000                           No
F5000-S/F5000-C                 No
VPN firewall modules            No
20-Gbps VPN firewall modules    No
In addition to using a separate device as the portal server, a portal system can also use the local portal
server function of the access device to authenticate Web users directly. In this case, the portal system
consists of only three components: authentication client, access device, and authentication/accounting
server, as shown in Figure 115.
Figure 115 Portal system using the local portal server