Edit the following options to define new or edit existing Infranet Controller settings:
Infranet Controller Instance: Enter a friendly or meaningful name within 32 characters to identify the Infranet Controller.
IP/Domain Name: Enter an IPv4 address or the host name of the Infranet Controller.
Port: This is the port communicating with the Infranet Controller. The pre-configured default port is 11122. The solution will not work if you change the default port.
Timeout: Enter a value between 1-10,000 to specify the length of time in seconds for a device to stop contacting a non-responsive Infranet Controller. The default value is 60 seconds.
Redirect URL: If you configure a redirect infranet-auth policy, the security device redirects HTTP traffic to the currently-connected Infranet Controller via HTTPS by default. Leave this setting blank (default) if you want to redirect traffic to the currently-connected Infranet Controller.
Note: The default redirect URL (Infranet Controller) is not displayed.
Enter a URL string to override the default redirection for the following scenarios:
You are using a VIP for a cluster of Infranet Controller appliances and the security device is configured to connect to the Infranet Controller's physical IP addresses.
You want to redirect traffic to a webserver instead of the Infranet Controller.
If, due to split DNS or IP routing restrictions at your site, the security device uses a different address for the Infranet Controller than endpoints, you must specify the domain name or IP address that endpoints must use to access the Infranet Controller. For example, if your security device connects to the internal port of the Infranet Controller, but endpoints connect to the external port of the Infranet Controller, you must override the default redirection destination by specifying the external port of the Infranet Controller.
Syntax: Enter a URL string using HTTP or HTTPS within double quotes: “https://<IP or domain name>/?target=%dest-url%”
For example,
To redirect to an Infranet Controller and forward the protected resource URL, enter:
https://abc.company.com/?target=%dest-url%
To redirect to a webserver and forward the protected resource URL, enter:
https://server1.company.com/cgi-bin/redirect.cgi?target=%dest_url%
The security device replaces the %dest-url% parameter with the user-requested protected resource URL, and then forwards the protected resource URL in encrypted form to the Infranet Controller.
In the Redirect URL string, you can omit the ?target=%dest-url% parameter.
For example,
https://server1.company.com
If you do not include the %dest-url% parameter, the user must manually open a new Web browser window and enter the protected resource URL again after signing in.
If you configured your device to work with multiple Infranet Controllers in a cluster, and the current Infranet Controller becomes disconnected, the security device automatically redirects HTTP traffic to the next active Infranet Controller in its configuration list. The security device redirects traffic to only one Infranet Controller at a time.
For more information on using this captive portal feature, see the Unified Access Control Administration Guide.
NACN Parameters
Source Interface: Select the interface that the device uses to communicate with the Infranet Controller. Select vlan1 if your device is operating in Transparent mode (Layer 2).
Password: Enter a string of up to 200 alphanumeric characters. This password is used when the device uses Netscreen Address Change Notification (NACN) to contact the Infranet Controller.
Selected CA: Select the CA from the pull-down menu. To create a CA, go to Objects > Certificates > New.
Full Subject Name of IC Cert: This is optional. Enter a name field for the Infranet Controller Certificate.
Click OK to save your settings.