Nortel Networks 2300 Switch User Manual


 
Configuring SODA endpoint security for a WSS 597
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Creating the SODA agent with SODA manager
Sygate On-Demand Manager (SODA Manager) is a Windows application used for configuring security policies based
on locations, and for creating agents that enforce those security policies. For information on how to use SODA Manager
to create security policies, see the documentation that came with the product.
You can use SODA Manager to create a SODA agent, configuring the level of security desired according to the requirements of your network. When a SODA agent is created (by pressing the Apply button in SODA Manager), a subdirectory called On-DemandAgent is created in the C:\Program Files\Sygate\Sygate On-Demand directory.
You place the contents of the On-DemandAgent directory into a .zip file (for example, soda.ZIP) and copy the file to the WSS using TFTP, as described in “Copying the SODA agent to the WSS” (page 598). TFTP provides neither authentication nor encryption, so perform the copy over a trusted management network.
Note the following when creating the SODA agent in SODA Manager:

The success.html and failure.html pages, when specified as the success and failure URLs in SODA Manager, must have the format
https://hostname/soda/ssid/xxx.html
where ssid is the SSID the client is associated with and xxx is the name of the HTML file being accessed. The success and failure URLs must therefore contain two keywords: /soda/, which must immediately follow the hostname, and success.html or failure.html. The hostname must match the Common Name specified in the Web-based AAA certificate; if it does not, the client’s browser rejects or warns about the certificate the WSS presents.
The logout page is required to have /logout.html in the URL. Following the hostname, the path must be exactly /logout.html; you cannot specify any subdirectories.

The hostname of the logout page must be a name that resolves to the WSS’s IP address on the VLAN where the client resides, or that IP address itself (the WSS address on the Web Portal Web-based AAA VLAN); for example:
https://10.1.1.1/logout.html

The logout page must not point to a certificate hostname that is unreachable from the client’s VLAN, nor to an IP address on a different VLAN. A request to an address on another VLAN is forwarded through the default router (gateway), so the frame that reaches the WSS carries the gateway’s MAC address as its source rather than the client’s. The WSS uses the combination of source MAC address and source IP address to verify that the client is permitted to log itself out; when the source MAC address does not match the session’s MAC address, the logout fails.
Do not use the Partner Integration button in SODA Manager to create agent files.
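As an added example (not part of the Nortel guide or of the Sygate product), the following Python check applies the URL rules above to a SODA Manager configuration before the agent is packaged: the success and failure URLs must be https://<certificate CN>/soda/<ssid>/success.html or failure.html, and the logout URL must be https://<WSS address on the client VLAN>/logout.html with no subdirectory. The hostnames, IP addresses, SSID and name-resolution table are constructed for the example; in practice the resolver would be a DNS lookup from the client VLAN.

```python
"""Pre-flight check of SODA Manager URLs against the WSS rules in the guide.

Added example (not Nortel's or Sygate's code). It encodes the URL constraints
the guide states; hostnames, IP addresses and SSIDs below are constructed.
"""
import ipaddress
from urllib.parse import urlsplit


def check_result_url(url, cert_cn):
    """Check a success or failure URL.

    Required shape: https://<cert CN>/soda/<ssid>/success.html|failure.html
    Returns a list of problems; an empty list means the URL is acceptable.
    """
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("scheme must be https")
    host = parts.hostname or ""
    if host != cert_cn:
        # A mismatch means the client's browser will not trust the portal certificate.
        problems.append(f"hostname {host!r} does not match certificate CN {cert_cn!r}")
    # "/soda/<ssid>/<file>" splits into ["", "soda", "<ssid>", "<file>"]
    segments = parts.path.split("/")
    if len(segments) != 4 or segments[1] != "soda" or not segments[2]:
        problems.append("path must be /soda/<ssid>/<file>, with /soda/ immediately after the hostname")
    if segments[-1] not in ("success.html", "failure.html"):
        problems.append("file must be success.html or failure.html")
    return problems


def check_logout_url(url, wss_ip_on_client_vlan, resolve=None):
    """Check the logout URL.

    The path must be exactly /logout.html and the host must be, or resolve to,
    the WSS address on the client's VLAN. Pointing at an address on another
    VLAN routes the request through the default gateway, so the WSS sees the
    gateway's MAC address instead of the client's and rejects the logout.
    `resolve` maps a hostname to an IP string (a DNS lookup in practice; a
    constructed table here so the example runs offline).
    """
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if parts.path != "/logout.html":
        problems.append("path must be exactly /logout.html, with no subdirectory")
    host = parts.hostname or ""
    try:
        target = str(ipaddress.ip_address(host))  # IP literal: compare directly
    except ValueError:
        target = resolve(host) if resolve else None  # hostname: needs resolution
    if target is None:
        problems.append(f"cannot confirm that {host!r} resolves to the WSS on the client VLAN")
    elif target != wss_ip_on_client_vlan:
        problems.append(f"{host!r} is {target}, not the WSS address {wss_ip_on_client_vlan} on the client VLAN")
    return problems


# Constructed sample configuration (not from any real deployment).
CERT_CN = "wss.example.com"           # CN in the Web-based AAA certificate
WSS_CLIENT_VLAN_IP = "10.1.1.1"       # WSS address on the client's VLAN
DNS = {"wss.example.com": "10.1.1.1", "portal.example.com": "10.2.2.1"}

if __name__ == "__main__":
    for u in ("https://wss.example.com/soda/corp-wifi/success.html",
              "https://wss.example.com/portal/soda/corp-wifi/failure.html"):
        print(u, check_result_url(u, CERT_CN) or "OK")
    for u in ("https://10.1.1.1/logout.html",
              "https://10.2.2.1/logout.html",
              "https://10.1.1.1/soda/logout.html"):
        print(u, check_logout_url(u, WSS_CLIENT_VLAN_IP, DNS.get) or "OK")
```

Run the check against the exact strings entered in SODA Manager before pressing Apply; a URL that passes here still needs the hostname to actually resolve to the WSS from the client VLAN at run time, which the offline table only simulates.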