Infranet Controller Configuration

Edit the following options to define new or edit existing Infranet Controller settings:

Infranet Controller Instance: Enter a friendly or meaningful name within 32 characters to identify the Infranet Controller.
IP/Domain Name: Enter an IPv4 address or the host name of the Infranet Controller.
Port: This is the port communicating with the Infranet Controller. The pre-configured default port is 11122. The solution will not work if you change the default port.
Timeout: Enter a value between 1-10,000 to specify the length of time in seconds for a device to stop contacting a non-responsive Infranet Controller. The default value is 60 seconds.
Redirect URL: If you've configured a redirect infranet-auth policy (see policies > Advanced > Infranet Auth), then enter an URL to redirect HTTP traffic to an Infranet Controller or external webserver through HTTPS.

Enter a URL string with the following format within double quotes:
“http://<connected Infranet Controller IP or domain name>/?target=%dest-url%”

See Examples

For example,

To redirect to an Infranet Controller and forward the protected resource URL, enter:

https://abc.company.com/?target=%dest-url%

To redirect to a webserver and forward the protected resource URL, enter:

https://server1.company.com/cgi-bin/redirect.cgi?target=%dest_url%

The security device replaces the %dest-url% parameter with the user-requested protected resource URL, and then forwards the protected resource URL in encrypted form to the Infranet Controller.

In the Redirect URL string, you can omit the ?target=%dest-url% parameter.

For example,

https://server1.company.com

If you do not include the %dest-url% parameter, the user must manually open a new Web browser window and enter the protected resource URL again after signing in.

Note: If you do not specify the URL, the security device uses the default redirect URL.. The default redirect URL (Infranet Controller) is not displayed.

If you configured your device to work with multiple Infranet Controllers in a cluster, and the current Infranet Controller becomes disconnected, the security device automatically redirects HTTP traffic to the next active Infranet Controller in its configuration list. The security device redirects traffic to only one Infranet Controller at a time.

For more information on using this captive portal When you deploy the Infranet Controller and Infranet Enforcer, users may not know that they must first sign into the Infranet Controller for authentication and endpoint security checking before they are allowed to access a protected resource behind the security device (Infranet Enforcer).

To help users sign into the Infranet Controller, you can configure a redirect infranet-auth policy in the Infranet Enforcer to automatically redirect HTTP traffic destined for protected resources to the Infranet Controller.

You can configure a captive portal for deployments that use either source IP-based enforcement or IPSec enforcement, or a combination of both enforcement methods. For more information on deploying the captive portal feature, see Policies > Advanced > Infranet Auth. feature, see the Unified Access Control Administration Guide.

NACN Parameters

Source Interface: Select the interface that the device uses to communicate with the Infranet Controller. Select vlan1 if your device is operating in Transparent mode (Layer 2).
Password: Enter a string of up to 200 alphanumeric characters. This password is used when the device uses NACN (Netscreen Address Change Notification) to contact the Infranet Controller.
Selected CA: Select the CA from the pull-down menu. To create a CA, go to Objects > Certificates > New.
Cert Subject Name: This is optional. Enter a name field for the Infranet Controller Certificate.

Click OK to save your settings.

June 15, 2006