Management and Configuration Guide (Includes ACM xl) 2005-12

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

101

102

103

104

105

106

107

108

109

110

ProCurve Secure Access 700wl Series Management and Configuration Guide 4-51

Configuring Rights

appropriate destination. Therefore, an incorrect ordering of Redirect filters could cause some filters

never to be evaluated. For example, if a more general filter is evaluated before a more specific filter,

packets could be redirected due to matching the general filter, and never be evaluated by the more

specific filter.

Reordering the filter list affects only the Access Policy that is currently being created. Each Access

Policy may use a different ordering of Redirect filters.

» To create a new filter, click New Filter.

» To edit a filter, click the filter name or the pencil icon at the end of the row. This takes you directly to

the Edit Filters page. Note that if the filter is one of a DNS or WINS filter pair, this takes you to the Edit

Filters page for the pair.

The 700wl Series system provides a number of predefined Redirected Traffic filters, as listed in

Table 4-20.

Table 4-20. Predefined Redirected Traffic Filters

Redirected Traffic Filter Description

Access Controller HTTP Logon

redirect

Redirects most HTTP requests (on port 80) to the Access Controller logon page

on port 82. Web requests to address 42.0.0.1 are not redirected so the system

can be configured on startup.

Access Controller HTTPS

Logon redirect

Redirects most HTTPS requests on port 443, the standard SSL port, to the

Access Controller SSL logon page on port 443.

Access Controller Internal

blocker

Redirects HTTP requests intended for addresses within the Access Control

Server subnet (@INTRANET@) to the Access Controller Stop page.

Access Controller Logon page

shortcut

Redirects HTTP requests intended for 1.1.1.1 port 80 to the Access Controller

logon page.

Access Controller No SSL Web Redirects all HTTPS requests on port 443, the standard SSL port, to the Access

Controller SSL Stop page.

Access Controller No Web Redirects all HTTP requests on port 80 to the Access Controller Stop page.

BlackHole Redirects all requests except for DHCP, DNS, Stop page and HTTP requests to

0.0.0.0. This effectively prevents network access.

CS-to-Access Controller Logon

redirect

Redirects requests intended for the Access Control Server SSL logon port (443)

to the Access Controller SSL logon port. This redirect is needed to allow the

Access Controller logon process to use the Access Control Server’s SSL

certificate.

CS-to-Access Controller Stop

redirect

Redirects requests intended for the Access Control Server Stop port (81) to the

Access Controller Stop port. This redirect is needed to allow Stop page redirects

to succeed when Distributed Logons are in use.

No external rights UI Redirects Rights Manager UI access requests to the SSL Stop page

No internal admin UI Redirects access requests via 42.0.0.1 (@INTERNAL@) to the Access Control

Server SSL Stop page

No internal Access Controller

Express UI

Redirects Integrated Access Manager UI access requires via 42.0.0.1

No internal rights UI Redirects Rights Manager UI access requests via 42.0.0.1 to the SSL Stop page

No SSL internal UI Redirects SSL access requests via 42.0.0.1 to the SSL Stop page