TMS zl Management and Configuration Guide ST.1.1.100226
4-54
Firewall
User Authentication
Figure 4-32. Two Networks Merged with a Router That NATs Traffic
This type of network design should not be used in conjunction with the user authentication feature. Once a Web-authenticated firewall user has provided a valid username/password, the TMS zl Module uses the source IP address to map subsequent packets from that address to the user. If an intermediate infrastructure device (such as a Web proxy or NAT device) maps multiple IP addresses to a single IP address, the TMS zl Module cannot distinguish one user from another.
For proper operation of the user authentication feature of the firewall, be sure to maintain source IP address integrity for the users that require this feature. In the example network shown in Figure 4-32, the organization would need to reconfigure the network so that the traffic sent between Network A and B does not require NAT. Alternatively, the organization could install another TMS zl Module on Network A and have it perform user authentication. After users are authenticated, this second TMS zl Module could also NAT their traffic before sending it to Network B.
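The following is an added illustration, not code from the guide or from the TMS zl Module itself. It models the behaviour described above in simplified form: a session table keyed by source IP, a NAT hop that collapses several Network A hosts onto one address, and the misattribution that results. It also shows a check an administrator can run over the authentication log to spot the condition (more than one distinct user authenticating from the same source address), which is a strong hint that a NAT or proxy sits between the users and the module. All addresses, usernames and the table structure are constructed for the example.

```python
"""Added example: source-IP-based user mapping behind NAT (constructed scenario).

The session table below is a simplified stand-in for the firewall's
user-to-address mapping; it is not the module's own implementation.
"""
from collections import defaultdict

# Constructed topology: two Network A hosts are NATed to a single address by
# the intermediate router; the Network B host reaches the module directly.
NAT_MAP = {
    "10.1.1.10": "192.0.2.1",   # Network A host (alice) -> NAT address
    "10.1.1.11": "192.0.2.1",   # Network A host (bob)   -> same NAT address
}
LOGINS = [("10.1.1.10", "alice"), ("10.1.1.11", "bob"), ("172.16.0.5", "carol")]
PACKETS = [("10.1.1.10", "alice"), ("10.1.1.11", "bob"), ("172.16.0.5", "carol")]


class SourceIpAuthTable:
    """Maps an authenticated source IP to a username, as the guide describes."""

    def __init__(self):
        self.sessions = {}                  # src_ip -> username currently mapped
        self.auth_log = defaultdict(list)   # src_ip -> every username seen logging in

    def authenticate(self, src_ip, username):
        # A later login from the same address simply replaces the earlier mapping:
        # the module has no other attribute to tell the two users apart.
        self.sessions[src_ip] = username
        self.auth_log[src_ip].append(username)

    def attribute(self, src_ip):
        """Return the user that packets from src_ip are attributed to (or None)."""
        return self.sessions.get(src_ip)


def nat_translate(src_ip, nat_map):
    """Apply the intermediate router's NAT; addresses not in the map pass unchanged."""
    return nat_map.get(src_ip, src_ip)


def simulate(nat_map, logins, packets):
    """Log every user in, then attribute each user's packets.

    Returns (attribution, table) where attribution maps the real sender to the
    user the firewall believes sent the packet.
    """
    table = SourceIpAuthTable()
    for real_ip, user in logins:
        table.authenticate(nat_translate(real_ip, nat_map), user)
    attribution = {}
    for real_ip, user in packets:
        attribution[user] = table.attribute(nat_translate(real_ip, nat_map))
    return attribution, table


def nat_suspects(table):
    """Source addresses from which more than one distinct user authenticated.

    Under source-IP integrity each address carries one user; several distinct
    users behind one address indicate a NAT or proxy in the path.
    """
    return sorted(ip for ip, users in table.auth_log.items() if len(set(users)) > 1)


if __name__ == "__main__":
    with_nat, table = simulate(NAT_MAP, LOGINS, PACKETS)
    print("with NAT:   ", with_nat)          # alice's packets are attributed to bob
    print("suspect IPs:", nat_suspects(table))
    without_nat, table = simulate({}, LOGINS, PACKETS)
    print("without NAT:", without_nat)       # every user attributed correctly
    print("suspect IPs:", nat_suspects(table))
```

With the NAT hop in place, bob's login overwrites alice's entry for the shared address, so alice's traffic is granted bob's access and logged under bob's name; removing the NAT (the first remedy in the text) restores one-to-one attribution. The `nat_suspects` check is the kind of log review that confirms source IP integrity before enabling the feature for a group of users.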
Configure User Authentication
To force users to log in to the network, to authenticate the users, and to control the authenticated users’ access, you must complete the following tasks:
1. Configure the Web login page and Web session settings. See “Configure Web Login Page and Web Settings” on page 4-55.