Forum Discussion

Mike_61719
Aug 07, 2008

Mac OS with AV checks

We are thinking about purchasing OPSWAT OESIS and configuring a Mac Java client to do the AV scan. Let me explain our problem.

We would have users hit the FirePass URL; in the prelogon sequence we would redirect them to our OESIS server. How would I pass the "state" of the client to FirePass? If the machine is clean it goes to the FirePass logon; if it does not pass, they receive an error message.

2 Replies

  • Hi Mike,

    Interesting one... I believe you can. Go ahead and configure your 'normal' Prelogon sequence on FirePass. Then change the "Logon Allowed" action for the branch for which you wish to redirect to the OESIS server from "Logon Allowed" to "External Logon Page (Client Data posted)" and configure this for the URL of your OESIS server. At this point I would configure a custom page on that server which would run the OESIS checks, and then if that is all good you would need to do an HTTP POST back to FirePass like this (example external page using PHP and HTML):

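    <?php
    // $_POST replaces the long-removed $HTTP_POST_VARS array
    $post_url    = isset($_POST["post_url"]) ? $_POST["post_url"] : "";
    $client_data = isset($_POST["client_data"]) ? $_POST["client_data"] : "";

    // verify post_url is valid
    if (!preg_match("/^(http[s]?:\/\/)([^\/\<\>]+)\/([^\<\>]*)$/i", $post_url, $host)) {
        echo(htmlentities($post_url)." is not a valid URL");
        exit;
    }

    // only POST to our firepass
    if ($host[2] != "10.10.190.10") { // <---- CHANGE THIS TO YOUR FIREPASS ADDRESS
        echo(htmlentities($host[2]). " is not an authorized FirePass host.");
        exit;
    }
    ?>
    <!-- input names "username" and "password" are assumed; use the names your FirePass logon expects -->
    <form action="<?php echo htmlentities($post_url); ?>" method="post">
    <input type="hidden" name="client_data" value="<?php echo htmlentities($client_data); ?>">
    Username: <input type="text" name="username">
    Password: <input type="password" name="password">
    <input type="submit" value="Logon">
    </form>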

    Please note that this form shows a basic logon page (username/password) so the idea is to have code in this page (or another page) which first executes the OESIS checks and then calls this page (if the OESIS checks pass). So when the FirePass does the Redirect to the external logon page from the Prelogon Sequence it sends two parameters:

    client_data - this information should be passed to the FirePass my.activation.php3 without modifications.

    post_url - URL on FirePass box to perform authentication by sending the login information, can be used to perform load balancing.

    Hope this helps you out.

    Cheers,

    Mal
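
Added example (not part of the reply above and not vendor code): a stricter version of the post_url check from the reply, using parse_url and an exact-match host allowlist, that only builds the hand-off form when the endpoint check passed. Assumptions: HTTPS only, a hypothetical $scanPassed flag standing in for the OESIS result, client_data being ASCII or valid UTF-8 text, and the function names validate_post_url and build_form_head.

```php
<?php
// Added example. The allowlist reuses the 10.10.190.10 address from the reply;
// replace it with your FirePass address.
const FIREPASS_HOSTS = ['10.10.190.10'];

// Return $url if it is an HTTPS URL on an allowlisted host, otherwise null.
function validate_post_url($url, array $allowedHosts)
{
    if (!is_string($url) || preg_match('/[\x00-\x20<>"\']/', $url)) {
        return null;                  // whitespace, control or markup characters
    }
    $p = parse_url($url);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    if (strtolower($p['scheme']) !== 'https') {
        return null;                  // assumption: stricter than the reply, no plain HTTP
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return null;                  // the authority must be the host alone
    }
    if (isset($p['port']) && $p['port'] !== 443) {
        return null;
    }
    return in_array(strtolower($p['host']), $allowedHosts, true) ? $url : null;
}

// Build the form head only when the endpoint check passed and post_url is valid.
// $scanPassed is a hypothetical boolean produced by your OESIS check code.
function build_form_head(array $post, $scanPassed, array $allowedHosts)
{
    $url  = validate_post_url(isset($post['post_url']) ? $post['post_url'] : null, $allowedHosts);
    $data = isset($post['client_data']) ? $post['client_data'] : null;
    if (!$scanPassed || $url === null || !is_string($data)) {
        return null;                  // caller shows the error page instead
    }
    // Escape for HTML output only; the browser decodes the entities again, so
    // client_data (assumed ASCII or valid UTF-8) is posted back unchanged.
    $esc = function ($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); };
    return '<form action="' . $esc($url) . '" method="post">' . "\n"
         . '<input type="hidden" name="client_data" value="' . $esc($data) . '">';
}

// Constructed sample requests; the URL path placement is illustrative.
$good = ['post_url' => 'https://10.10.190.10/my.activation.php3', 'client_data' => 'a&b"c'];
$bad  = ['post_url' => 'https://10.10.190.10.example.net/x', 'client_data' => 'a&b"c'];
foreach ([[$good, true], [$good, false], [$bad, true]] as $case) {
    $html = build_form_head($case[0], $case[1], FIREPASS_HOSTS);
    echo ($html === null ? "refused\n" : $html . "\n");
}
```

The page appends its logon fields and the closing form tag to the returned head; a null return means the error page is shown and nothing is posted to FirePass.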