
CheckPoint Firewall-1

SecureClient

Hotel Mode
Table of Contents

1 Introduction
2 Connecting to Hot Spots
3 Hot Spot Registration
4 Configuring Hot Spot Registration
4.1 Configure Manually
4.1.1 SecureClient
4.1.2 Management Station
4.2 Configure from the GUI in NGX and above
4.3 Options
4.3.1 Local subnet access only
4.3.2 Track
4.3.3 Maximum time to complete registration
4.3.4 Allow access to maximum of # addresses
4.3.5 Ports to be opened during registration

1 Introduction
Wireless Hotspot is a wireless broadband Internet access service available at public locations
such as airport lounges, coffee shops and hotels.

When using a Hotspot, a user launches a web browser and attempts to connect to the
Internet. The Hotspot server automatically redirects the browser to the Hotspot Welcome
page for registration. During the registration process, the user fills in the required
information. Once registration is complete, the user may continue surfing the Internet.

The Hotspot registration feature allows users with restrictive outbound policies and/or
Hub Mode to register with a Hotspot.

When a user selects to allow Hotspot, SecureClient modifies the desktop security policy and/or
Hub Mode routing to enable Hotspot registration. This modification is restricted by time, number
of IP addresses and ports. SecureClient records the IP addresses and ports that were accessed
during the registration phase.
2 Connecting to Hot Spots
If you need to register to a Hot Spot, select Register to Hot Spot/Hotel from the
connection window's Options button.

This suspends SecureClient’s settings for several minutes. During this time, SecureClient will not
attempt to connect to the site, giving you enough time to register.

3 Hot Spot Registration


Hotspot registration can be enabled either by right-clicking the system tray icon or by
selecting the Options button in the Connect window.

Once Register to Hot Spot/Hotel is selected, a balloon message appears indicating the time
period allowed for registration.
4 Configuring Hot Spot Registration
4.1 Configure Manually
4.1.1 SecureClient
The Hotspot option is enabled in the userc.C file. The Hotspot set (with
defaults) is as follows:

:hotspot(
    :enabled (false)
    :log (false)
    :connect_timeout (600)
    :max_ip_count (5)
    :block_hotspot_after_connect (false)
    :max_trials (0)
    :local_subnets (false)
    :ports(
        :(80)
        :(443)
        :(8080)
    )
)

| Option | Default | Description |
|---|---|---|
| enabled | false | Set to true to enable a user to perform Hotspot registration |
| log | false | Set to true to send logs with the list of IP addresses and ports accessed during registration |
| connect_timeout | 600 | Maximum number of seconds to complete registration |
| block_hotspot_after_connect | false | If set to true, upon successful connect the recorded ports and addresses will not remain open |
| max_trials | 0 | This value represents the maximum number of unsuccessful hotspot registration attempts that an end user may perform. Once this limit is reached, the user will not be allowed to attempt registration again. The counter is reset upon reboot, or upon a successful VPN connect. In addition, if you modify the max_trials value, the modification will take effect only upon successful connect, or reboot. If the max_trials value is set to 0, an unlimited number of trials is allowed. |
| local_subnets | false | Restrict access to local subnets only |
| ports | 80, 443, 8080 | Restrict access to specific ports |

| Parameter | Default | Description |
|---|---|---|
| scc sethotspotreg | | This command line interface now includes HotSpot/Hotel registration support. |

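The following added example (not Check Point code and not part of the original document) parses a hotspot set in the `:name (value)` syntax shown above and reports settings that widen the registration window, using the option descriptions in the table and in section 4.3. The finding texts, the function names and the treatment of the default port list as a baseline are assumptions of this example.

```python
import re

TOKEN = re.compile(r'"[^"]*"|[():]|[^\s():"]+')

def parse_set(text):
    """Parse the ':name (value)' set syntax shown above into dicts and lists."""
    toks, pos = TOKEN.findall(text), 0
    def take(expected=None):
        nonlocal pos
        tok = toks[pos] if pos < len(toks) else None
        if tok is None or (tok != expected if expected else tok in "():"):
            raise ValueError(f"token {pos}: expected {expected or 'a value'}, got {tok!r}")
        pos += 1
        return tok
    def entries():
        named, anon = {}, []
        while toks[pos:pos + 1] == [":"]:
            take(":")
            name = None if toks[pos:pos + 1] == ["("] else take()
            take("(")
            value = entries() if toks[pos:pos + 1] == [":"] else take().strip('"')
            take(")")
            if name is None:
                anon.append(value)   # unnamed entry such as ':(80)' under ports
            else:
                named[name] = value
        return anon if anon and not named else named

    return entries()

def audit_hotspot(h):
    """List findings for a hotspot set, based on the option descriptions above."""
    if h.get("enabled") != "true":
        return []                    # users cannot perform Hotspot registration
    ports = h.get("ports") or []
    checks = [
        (h.get("log") != "true", "log: registration traffic is not logged"),
        (h.get("max_trials", "0") == "0", "max_trials: unlimited attempts"),
        (h.get("local_subnets") == "true", "local_subnets: all local services open"),
        (h.get("block_hotspot_after_connect") != "true",
         "block_hotspot_after_connect: recorded ports/addresses stay open"),
        (len(ports) > 10, "ports: more than 10 TCP ports"),
        (bool(set(ports) - {"80", "443", "8080"}), "ports: additions to defaults"),
    ]
    return [msg for hit, msg in checks if hit]

SAMPLE = """:hotspot( :enabled (true) :log (false) :connect_timeout (600)
 :max_ip_count (5) :block_hotspot_after_connect (true) :max_trials (0)
 :local_subnets (false) :ports( :(80) :(443) :(8080) :(22) ) )"""  # constructed
```

Calling `audit_hotspot(parse_set(SAMPLE)["hotspot"])` on the constructed sample returns three findings: logging is off, attempts are unlimited, and port 22 was added to the default list.
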
4.1.2 Management Station
Configuring this on the management station requires modifying the objects_5_0.C file.
Editing the file directly is not supported; use dbedit or guidbedit to modify it instead.
The registration section to modify is under properties->firewall_properties.

:properties (
    : (firewall_properties

        Various Sections

        :registration (
            :AdminInfo (
                :chkpf_uid ("{D43FF3FE-D67E-11D9-9BD9-000000007F7F}")
                :ClassName (hotspot)
            )
            :ports (
                : (443)
                : (80)
                : (8080)
            )
            :block_hotspot_after_connect (false)
            :connect_timeout (600)
            :enabled (false)
            :is_dirty (true)
            :local_subnets (false)
            :log (false)
            :max_ip_count (5)
            :max_trials (0)
        )

The same options are available here as in the userc.C file on the SecureClient.
4.2 Configure from the GUI in NGX and above
From FireWall-1 NGX R60, Hot Spot Registration can be configured through the GUI
under Policy > Global Properties > Remote Access > Hot Spot/Hotel Registration.

Select Enable registration to configure settings. Uncheck the menu option to cancel registration.
When the feature is enabled, you have several minutes to complete registration.
Below are the default settings when the service is enabled.

4.3 Options
4.3.1 Local subnet access only
When enabled, this allows the SecureClient to access all services on the local subnet that it is
attached to. This allows more access than just the specified ports.

4.3.2 Track
This specifies whether Registration access is logged.

4.3.3 Maximum time to complete registration


This specifies, in seconds, how long a user has after they boot their machine to complete
registration with a Hot Spot. If registration with a Hot Spot is not completed in the specified
time, a restart of the machine will be required.

4.3.4 Allow access to maximum of # addresses


This specifies how many addresses the machine can access during the time period before the
SecureClient policy is enforced.

4.3.5 Ports to be opened during registration


These are the ports that the client can access to register with a Hot Spot. Up to a maximum of 10
TCP ports can be specified; they are available for the registration time period.
