Accounting And System Shutdowns; Limitations With Nat; Radius Advanced Settings - D-Link DFL-260E User Manual

Network Security Firewall, NetDefendOS version 2.40.00

Allow on error to determine how this situation is handled.
If the Allow on error setting is enabled, an already authenticated user's session will be unaffected.
If it is not enabled, any affected user will automatically be logged out even if they have already been
authenticated.

2.3.8. Accounting and System Shutdowns

If the client for some reason fails to send a RADIUS AccountingRequest STOP packet,
the accounting server will never be able to update its user statistics and will most likely believe that
the session is still active. This situation should be avoided.
If the NetDefend Firewall administrator issues a shutdown command while
authenticated users are still online, the AccountingRequest STOP packet will potentially never be
sent. To avoid this, the advanced setting Logout at shutdown allows the administrator to explicitly
specify that NetDefendOS must first send a STOP message for any authenticated users to any
configured RADIUS servers before commencing with the shutdown.

2.3.9. Limitations with NAT

The User Authentication module in NetDefendOS is based on the user's IP address. Problems can
therefore occur with users who have the same IP address.
This can happen, for example, when several users are behind the same network using NAT to allow
network access through a single external IP address. This means that as soon as one user is
authenticated, traffic coming through that NAT IP address could be assumed to be coming from that
one authenticated user even though it may come from other users on the same network.
NetDefendOS RADIUS Accounting will therefore gather statistics for all the users on the network
together as though they were one user instead of individuals.

2.3.10. RADIUS Advanced Settings

The following advanced settings are available with RADIUS accounting:
Allow on error
If there is no response from a configured RADIUS accounting server when sending accounting data
for a user that has already been authenticated, then enabling this setting means that the user will
continue to be logged in.
Disabling the setting will mean that the user will be logged out if the RADIUS accounting server
cannot be reached even though the user has been previously authenticated.
Default: Enabled
Logout at shutdown
If there is an orderly shutdown of the NetDefend Firewall by the administrator, then NetDefendOS
will delay the shutdown until it has sent RADIUS accounting STOP messages to any configured
RADIUS server.
If this option is not enabled, NetDefendOS will shut down even though there may be RADIUS
accounting sessions that have not been correctly terminated. This could lead to a situation in which the
RADIUS server assumes users are still logged in even though their sessions have been
terminated.
Default: Enabled
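
The missing-STOP situation described in 2.3.8 and under Logout at shutdown can be checked for on the accounting server side. The following is an added example, not part of the D-Link manual or of NetDefendOS: it replays accounting records and reports sessions that were never closed by a STOP. The record layout, the NAS names fw1/fw2, the sample data and the idle limit are assumptions; the Acct-Status-Type values and the Accounting-On/Off handling follow RFC 2866, and this page does not state whether NetDefendOS sends Interim-Update or Accounting-On/Off messages.

```python
from datetime import datetime, timedelta

# Acct-Status-Type values from RFC 2866.
START, STOP, INTERIM, ACCT_ON, ACCT_OFF = 1, 2, 3, 7, 8

# Constructed sample records: (time, NAS, Acct-Status-Type, Acct-Session-Id, User-Name).
RECORDS = [
    ("2024-05-01 09:00:00", "fw1", START,   "a1", "alice"),
    ("2024-05-01 09:05:00", "fw1", START,   "b2", "bob"),
    ("2024-05-01 09:30:00", "fw1", INTERIM, "a1", "alice"),
    ("2024-05-01 09:40:00", "fw1", STOP,    "b2", "bob"),
    ("2024-05-01 09:45:00", "fw2", START,   "c3", "carol"),
    ("2024-05-01 10:00:00", "fw2", ACCT_ON, "",   ""),   # fw2 restarted, no STOP seen for c3
    ("2024-05-01 10:10:00", "fw2", START,   "d4", "dave"),
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def replay(records):
    """Replay records in time order; return (open_sessions, orphaned)."""
    open_sessions = {}   # (nas, session_id) -> {"user", "last_seen"}
    orphaned = []        # sessions ended by a NAS restart rather than by a STOP
    for ts, nas, status, sid, user in sorted(records):
        key = (nas, sid)
        if status in (START, INTERIM):
            open_sessions.setdefault(key, {"user": user})["last_seen"] = parse(ts)
        elif status == STOP:
            open_sessions.pop(key, None)
        elif status in (ACCT_ON, ACCT_OFF):
            # The NAS restarted or stopped accounting, so none of the
            # sessions it opened earlier can still be live.
            for k in [k for k in open_sessions if k[0] == nas]:
                orphaned.append((k, open_sessions.pop(k)["user"]))
    return open_sessions, orphaned

def stale(open_sessions, now, max_idle):
    """Open sessions with no START or Interim-Update within max_idle (likely a lost STOP)."""
    return sorted(k for k, s in open_sessions.items() if now - s["last_seen"] > max_idle)

if __name__ == "__main__":
    still_open, orphaned = replay(RECORDS)
    print("orphaned by NAS restart:", orphaned)
    print("stale:", stale(still_open, parse("2024-05-01 11:00:00"), timedelta(minutes=60)))
```
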
Chapter 2. Management and Maintenance

This manual is also suitable for:

DFL-860E, DFL-1660, DFL-2560, DFL-2560G
