Portal system components, Authentication client, Access device – H3C Technologies H3C SecPath F1000-E User Manual
Page 3
2
•
Resource access limit: A user passing identity authentication can access only network resources in
the quarantined area, such as the anti-virus server and patch server. Only users passing both
identity authentication and security check can access restricted network resources.
Portal System Components
As shown in
, a typical portal system consists of five basic components: authentication client,
access device, portal server, authentication/accounting server, and security policy server.
NOTE:
A portal server can be an entity independent of the access device or an entity embedded in the access
device. Currently, the device does not support the embedded portal server (local portal server). In this
document, the term
portal server refers to an independent portal server.
Figure 1 Portal system components
Authentication client
Client system to be authenticated that is installed on a user’s host. It can be a browser using the Hypertext
Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS), or the portal client software. The
security check of a client depends on the communications between the client and the security policy
server.
Access device
Device for controlling user access. An access device provides the following three functions:
•
Redirecting all HTTP requests from unauthenticated users in authentication subnets to the portal
server.
•
Interacting with the portal server, security policy server and authentication/accounting server for
identity authentication, security check, and accounting.
•
Allowing users who have passed identity authentication and security check to access granted
Internet resources.