Fluke Computer Accessories manual Management Portal Settings, http//proxy/tracker1/report1

You can use your own html page if you wish by putting it in the “customweb” folder under the NetFlow Tracker install folder; it is then available from the NetFlow Tracker server as, for example, http://server/customweb/file.html, so the homepage would be simply customweb/file.html.

Management Portal Settings

NetFlow Tracker allows a management portal to offer interactive NetFlow Tracker reports with device or interface level access control to multiple users, so long as the portal’s HTTP proxy server can conceal the initial URL sent to NetFlow Tracker, and can direct subsequent HTTP requests from the user interacting with the page to the correct NetFlow Tracker server, It is possible to use an Apache web server as a proxy if the management portal does not contain one or it is not sufficiently programmable.

Note that it is essential that NetFlow Tracker is password protected to prevent the system from being bypassed.

In order to set up portal access control you must first configure one or more secure secret values in NetFlow Tracker using the Management Portal Settings page. Each secret value has a tag that is simply used to identify it if you need to change or delete it. To add a new secret value enter a tag and the secret value twice and click “Add”. To remove a secret value, tick the box above the “Delete” button corresponding to it and click “Delete”.

Access control works as follows:

1.A user’s web browser requests a URL from the portal’s proxy server (probably as a result of an IFRAME in a portal page) that identifies a particular NetFlow Trracker report, e.g.:

http://<proxy>/tracker1/report1

2.The portal’s proxy server sends a request to the correct Tracker server that selects the correct report and contains one of the configured secret values and some access control parameters describing what the user can access:

http://<tracker1>/report.jsp?portalsecret=<secret>&aclif=...

3.NetFlow Tracker creates a session for the portal and logs it in. This session is restricted so that any request that does not contain an access list identifier (see below) is rejected.

4.The report generated by NetFlow Tracker ensures that any interaction such as clicking a link results in a request containing a securely-generated access list identifier:

http://<proxy>/tracker1/report.jsp?portalacl=...

5.The portal’s proxy server sends the request, unaltered, to the correct NetFlow Tracker server:

http://<tracker1>/report.jsp?portalacl=...

63