•
Shared Secret: 231562514098273
•
Confirm Secret: 231562514098273
•
Routing Table: main
3.
Click OK
8.9.5. RADIUS Accounting Security
Communication between NetDefendOS and any RADIUS accounting server is protected by the
use of a shared secret. This secret is never sent over the network but instead a 16 byte long
Authenticator code
is calculated using a one way MD5 hash function and this is used to
authenticate accounting messages.
The shared secret is case sensitive, can contain up to 100 characters, and must be typed exactly
the same for NetDefendOS and for the RADIUS server.
Messages are sent using the UDP protocol and the default port number used is
1813
although
this is user configurable.
8.9.6. RADIUS Accounting and High Availability
In an HA cluster, accounting information is synchronized between the active and passive
NetDefend Firewalls. This means that accounting information is automatically updated on both
cluster members whenever a connection is closed.
Special Accounting Events
Two special accounting events are also used by the active unit to keep the passive unit
synchronized:
•
An AccountingStart event is sent to the inactive member in an HA setup whenever a
response has been received from the accounting server. This specifies that accounting
information should be stored for a specific authenticated user.
•
A problem with accounting information synchronization could occur if an active unit has an
authenticated user for whom the associated connection times out before it is synchronized
on the inactive unit.
To get around this problem, a special AccountingUpdate event is sent to the passive unit on
a timeout and this contains the most recent accounting information for connections.
8.9.7. Handling Unresponsive RADIUS Servers
It can happen that a RADIUS client sends an
AccountingRequest
START packet which a RADIUS
server never replies to. If this happens, NetDefendOS will re-send the request after the
user-specified number of seconds. This will mean, however, that a user will still have
authenticated access while NetDefendOS is trying to contact to the accounting server.
Three Connection Attempts are Made
Chapter 8: User Authentication
663
Содержание NetDefendOS
Страница 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Страница 32: ...Chapter 1 NetDefendOS Overview 32 ...
Страница 144: ...Chapter 2 Management and Maintenance 144 ...
Страница 220: ... Enable DHCP passthrough Enable L2 passthrough for non IP protocols 4 Click OK Chapter 3 Fundamentals 220 ...
Страница 267: ... SourceNetwork lannet DestinationInterface any DestinationNetwork all nets 4 Click OK Chapter 3 Fundamentals 267 ...
Страница 284: ...Chapter 3 Fundamentals 284 ...
Страница 360: ...The ospf command options are fully described in the separate NetDefendOS CLI Reference Guide Chapter 4 Routing 360 ...
Страница 392: ...Chapter 4 Routing 392 ...
Страница 396: ...Web Interface 1 Go to Network Ethernet If1 2 Select Enable DHCP 3 Click OK Chapter 5 DHCP Services 396 ...
Страница 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Страница 420: ...Chapter 5 DHCP Services 420 ...
Страница 424: ...2 Now enter Name lan_Access Action Expect Interface lan Network lannet 3 Click OK Chapter 6 Security Mechanisms 424 ...
Страница 573: ...Chapter 6 Security Mechanisms 573 ...
Страница 575: ...This section describes and provides examples of configuring NAT and SAT rules Chapter 7 Address Translation 575 ...
Страница 607: ...Chapter 7 Address Translation 607 ...
Страница 666: ...Chapter 8 User Authentication 666 ...
Страница 775: ...Chapter 9 VPN 775 ...
Страница 819: ...Chapter 10 Traffic Management 819 ...
Страница 842: ...Chapter 11 High Availability 842 ...
Страница 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Страница 879: ...Chapter 13 Advanced Settings 879 ...