Note
The (*) symbol in the above list indicates that the sending of the parameter is user
configurable.
2.3.3. Interim Accounting Messages
In addition to START and STOP messages NetDefendOS can optionally periodically send Interim
Accounting Messages to update the accounting server with the current status of an authenticated
user. An Interim Accounting Message can be seen as a snapshot of the network resources that an
authenticated user has used up until a given point. With this feature, the RADIUS server can track
how many bytes and packets an authenticated user has sent and received up until the point when the
last message was sent.
An Interim Accounting Message contains the current values of the statistics for an authenticated
user. It contains more or less the same parameters as found in an AccountingRequest Stop message,
except that the Acct-Terminate-Cause is not included (as the user has not disconnected yet).
The frequency of Interim Accounting Messages can be specified either on the authentication server,
or in NetDefendOS. Switching on the setting in NetDefendOS will override the setting on the
accounting server.
2.3.4. Activating RADIUS Accounting
In order to activate RADIUS accounting a number of steps must be followed:
•
The RADIUS accounting server must be specified.
•
A user authentication object must have a rule associated with it where a RADIUS server is
specified.
Some important points should be noted about activation:
•
RADIUS Accounting will not function where a connection is subject to a FwdFast rule in the IP
rule set.
•
The same RADIUS server does not need to handle both authentication and accounting; one
server can be responsible for authentication while another is responsible for accounting tasks.
•
Multiple RADIUS servers can be configured in NetDefendOS to deal with the event when the
primary server is unreachable.
2.3.5. RADIUS Accounting Security
Communication between NetDefendOS and any RADIUS accounting server is protected by the use
of a shared secret. This secret is never sent over the network but instead a 16 byte long
Authenticator code is calculated using a one way MD5 hash function and this is used to authenticate
accounting messages.
The shared secret is case sensitive, can contain up to 100 characters, and must be typed exactly the
same for NetDefendOS and for the RADIUS server.
Messages are sent using the UDP protocol and the default port number used is 1813 although this is
user configurable.
2.3.6. RADIUS Accounting and High Availability
In an HA cluster, accounting information is synchronized between the active and passive D-Link
Firewalls. This means that accounting information is automatically updated on both cluster members
2.3.3. Interim Accounting Messages
Chapter 2. Management and Maintenance
56
Summary of Contents for 800 - DFL 800 - Security Appliance
Page 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Page 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Page 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Page 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Page 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Page 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Page 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Page 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Page 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Page 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Page 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Page 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Page 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Page 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Page 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...