Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
SecureClient
Hotel Mode
Table of Content
1 INTRODUCTION ................................................................................................................................ 3
When using Hotspot application, a user launches a web browser and attempts to connect to the
Internet. When this occurs, the browser is automatically redirected by the Hotspot server to the
Hotspot Welcome page for registration. during the registration process, the user fills in the
required information. Once the registration is complete, the user may continue surfing the
Internet.
Hotspot allows users with restrictive outbound policies and/or Hub Mode to register with Hotspot.
When a user selects to allow Hotspot, SecureClient modifies the desktop security policy and/or
Hub Mode routing to enable Hotspot registration. This modification is restricted by time, number
of IP addresses and ports. SecureClient records the IP addresses and ports that were accessed
during the registration phase.
2 Connecting to Hot Spots
If you need to register to a Hot Spot, on the connection window’s Options buttons, select
Register to Hot Spot/Hotel.
This suspends SecureClient’s settings for several minutes. During this time, SecureClient will not
attempt to connect to the site, giving you enough time to register.
Once Register to Hot Spot/Hotel is selected, a balloon message appears indicating the time
period allowed for registration.
4 Configuring Hot Spot Registration
4.1 Configure Manually
4.1.1 SecureClient
Enabling the Hotspot option is configured using the userc.c file. The Hotspot set (with
defaults) is as follows:
:hotspot(
:enabled (false)
:log (false)
:connect_timeout (600)
:max_ip_count (5)
:block_hotspot_after_connect (false)
:max_trials (0)
:local_subnets (false)
:ports(
:(80)
:(443)
:(8080)
)
)
scc sethotspotreg This command line interface now includes HotSpot/Hotel registration
support.
4.1.2 Management Station
To configure this on the management station will require modifying the objects_5_0.C file, which
is not supported, or use dbedit or guidbedit to modify the file. The registration section needs to be
modified under properties->firewall_properties.
:properties (
: (firewall_properties
…
Various Sections
…
:registration (
:AdminInfo (
:chkpf_uid ("{D43FF3FE-D67E-11D9-9BD9-000000007F7F}")
:ClassName (hotspot)
)
:ports (
: (443)
: (80)
: (8080)
)
:block_hotspot_after_connect (false)
:connect_timeout (600)
:enabled (false)
:is_dirty (true)
:local_subnets (false)
:log (false)
:max_ip_count (5)
:max_trials (0)
)
The same options are available as would be in configuring the userc.C file on the SecureClient.
4.2 Configure fom the GUI in NGX and above
From FireWall-1 NGX R60 the configuration of Hot Spot Registration is available through the GUI
and can be found under the following Policy > Global Properties > Remote Access > Hot
Spot/Hotel Registration.
Select Enable registration to configure settings. Uncheck the menu option to cancel registration.
When the feature is enabled, you have several minutes to complete registration.
Below are the default settings when the service is enabled.
4.3 Options
4.3.1 Local subnet access only
When enabled this allows the SecureClient to access all services on the local subnet that it is
attached to, this allows more access than just the specified ports.
4.3.2 Track
This can be specified whether Registration access should be logged or not.