HP (Hewlett-Packard) MSM7XX Switch User Manual

Working with public access attributes
Colubris AV-Pair attribute - Site values
Accounting support
Each rule in an access list can be configured with an account name for billing purposes. The
service controller reports accounting data under that account name, based on the amount of
traffic matched by the rule. This lets you create rules that track and bill traffic to particular
destinations separately from the user's other traffic.
Tips on using the access list
With certificates
If you replaced the default SSL certificate on the service controller with one signed by a
well-known CA, define the access list so that all non-authenticated users can reach the
location from which the CA certificate is retrieved. This lets the user's browser build and
verify the certificate chain for the login page without displaying any warning messages.
Users may also have configured their Web browsers to check every SSL certificate against
the Certificate Revocation List (CRL) maintained by the CA that issued the certificate. The
location of the CRL may be configured in the browser or embedded in the certificate itself.
The access list must permit access to that CRL location as well; otherwise the revocation
check hangs and the user's browser times out before displaying the login page.
Remote login page
If you are using the remote login page feature, make sure that access to the Web server
hosting the login page is granted to all unauthenticated users via the site access list.
SMTP redirect
If an unauthenticated user establishes a connection to their email server before logging in
(because an access list permits it), the SMTP redirect feature will not take effect for that
connection once the user logs in. The user's email is still sent to the original email server.
To avoid this, do not use an access list to open TCP port 25 for unauthenticated users.
The OPTIONAL setting
Critical access list definitions (such as those for a remote login page, the CA certificate, or
the CRL) should not use the OPTIONAL setting: if such a definition fails to initialize, OPTIONAL
suppresses the failure and there is no indication in the log that the rule is missing.
Defining access lists
Access lists are defined by adding the following Colubris AV-Pair value string to the RADIUS
profile for a service controller or to the local list (Public access > Attributes page):
access-list=value
Each value string defines one rule. Up to 99 rules can be defined in one access list, and up
to 32 access lists can be defined.
All rules that make up an access list must initialize without error for the list to become
active; a single rule that fails to initialize disables the whole list. (You can force the
service controller to ignore initialization errors on a rule-by-rule basis by using the
OPTIONAL parameter, but the failure of an OPTIONAL rule is then not reported in the log.)
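The limits and caveats above (99 rules per list, 32 lists, no OPTIONAL on critical rules, no TCP port 25 for unauthenticated users) are easy to violate when access-list attributes are maintained by hand in a RADIUS profile. The following linter is an added example and is not part of the HP manual or the MSM7xx software. The field layout it parses, `listname,action,protocol,address,port[,account][,OPTIONAL]`, is an assumption made for illustration, since this page does not show the value-string syntax; the sample attribute strings are constructed, not taken from a real deployment.

```python
import re
from collections import defaultdict

# Limits stated in the manual text.
MAX_RULES_PER_LIST = 99
MAX_LISTS = 32

# ASSUMED field layout for the value string (not shown on this page; illustrative only):
#   access-list=<list>,<ACCEPT|DENY>,<tcp|udp|icmp|all>,<address>,<port|all>[,<account>][,OPTIONAL]
RULE_RE = re.compile(r"^\s*access-list\s*=\s*(.+?)\s*$")
ACTIONS = {"ACCEPT", "DENY"}
PROTOCOLS = {"tcp", "udp", "icmp", "all"}


def parse_rule(line):
    """Split one 'access-list=' AV-pair into a dict; raise ValueError if it is malformed."""
    m = RULE_RE.match(line)
    if not m:
        raise ValueError(f"not an access-list attribute: {line!r}")
    fields = [f.strip() for f in m.group(1).split(",")]
    optional = False
    if fields and fields[-1].upper() == "OPTIONAL":   # trailing OPTIONAL flag
        optional = True
        fields.pop()
    if len(fields) < 5 or len(fields) > 6:
        raise ValueError(f"expected 5 or 6 fields, got {len(fields)}: {line!r}")
    name, action, proto, addr, port = fields[:5]
    account = fields[5] or None if len(fields) == 6 else None  # billing account (optional)
    if action.upper() not in ACTIONS:
        raise ValueError(f"bad action {action!r} in {line!r}")
    if proto.lower() not in PROTOCOLS:
        raise ValueError(f"bad protocol {proto!r} in {line!r}")
    if port.lower() != "all" and not (port.isdigit() and 0 < int(port) < 65536):
        raise ValueError(f"bad port {port!r} in {line!r}")
    return {"list": name, "action": action.upper(), "proto": proto.lower(),
            "addr": addr, "port": port.lower(), "account": account, "optional": optional}


def lint(lines):
    """Return a list of (severity, message) findings for a batch of attribute strings."""
    findings = []
    per_list = defaultdict(list)
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            rule = parse_rule(line)
        except ValueError as err:
            findings.append(("error", str(err)))
            continue
        per_list[rule["list"]].append(rule)

    if len(per_list) > MAX_LISTS:
        findings.append(("error", f"{len(per_list)} lists defined, maximum is {MAX_LISTS}"))
    for name, rules in per_list.items():
        if len(rules) > MAX_RULES_PER_LIST:
            findings.append(("error",
                             f"list {name!r} has {len(rules)} rules, maximum is {MAX_RULES_PER_LIST}"))
        for r in rules:
            # Opening TCP/25 to unauthenticated users defeats SMTP redirect after login.
            if r["action"] == "ACCEPT" and r["proto"] in ("tcp", "all") and r["port"] in ("25", "all"):
                findings.append(("warning",
                                 f"list {name!r}: rule to {r['addr']} opens SMTP (tcp/25); if this list "
                                 "applies to unauthenticated users, SMTP redirect will not take effect after login"))
            # OPTIONAL hides init failures: never use it for CA cert, CRL or remote login page rules.
            if r["optional"]:
                findings.append(("warning",
                                 f"list {name!r}: rule to {r['addr']}:{r['port']} is OPTIONAL; a failed "
                                 "initialization would be silent, so do not use it for critical rules"))
    return findings


# Constructed sample attribute strings (not from the manual or a real profile).
SAMPLE = """
# site list for unauthenticated users
access-list=public,ACCEPT,tcp,192.0.2.10,80,crl-fetch
access-list=public,ACCEPT,tcp,192.0.2.11,443,,OPTIONAL
access-list=public,ACCEPT,tcp,192.0.2.25,25
access-list=public,DENY,all,0.0.0.0/0,all
access-list=guest,ACCEPT,udp,192.0.2.53,53
access-list=broken,ALLOW,tcp,192.0.2.1,80
""".strip().splitlines()

if __name__ == "__main__":
    for severity, message in lint(SAMPLE):
        print(f"{severity.upper():7} {message}")
```

Run against the sample, the linter reports the malformed `ALLOW` action as an error and flags the OPTIONAL rule and the port-25 rule as warnings; feed it the full set of `access-list=` strings from a profile and it also catches the 99-rule and 32-list limits before the service controller silently refuses to activate the list.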