User’s Guide – version 3.1.3 | NetFlow Tracker |
Management Portal Access Control Parameters
NetFlow Tracker allows management portals to set up restricted access to the system for multiple users. As long as the initial URL sent to NetFlow Tracker can be concealed, the user can interact fully with the resulting report while being prevented from accessing certain data.
Portal access requires that the restricted users can only access NetFlow Tracker via the portal’s proxy server. You can use your firewall to hide the NetFlow Tracker server from the Internet, or you can simply configure password protection. The management portal must also be registered with NetFlow Tracker using the Management Portal Settings page.
Access restrictions are set up by including the management portal’s secret value in the URL along with a set of allowed devices, interfaces, reports, filters and interactive features. If no restrictions of a particular type are set, then all elements of that type are allowed, with the exception that if no device restrictions are set they are implied from the interface restrictions. Since this URL contains the management portal’s secret value, it is important that it is not visible to the user; most management portals have a way to provide access through their proxy while concealing the actual URL being sent to the underlying server.
Note that requests from a management portal are authenticated automatically, so a username and password do not need to be included in the URL.
When NetFlow Tracker creates a report in response to a request from a management portal, any interaction with that report will cause a cryptographically secure identifier to be included in the URL sent to the server. If a request from a management portal contains neither the correct secret value nor a valid identifier, or attempts to access a resource forbidden by the access restrictions originally supplied by the management portal, it will be rejected.
portalsecret – specifies the secret value assigned to the management portal in Management Portal Settings.
<secret> | The secret value |
acldevice – specifies the address of a permitted
aclif – specifies a permitted interface. Format as for inif above.
aclvpn – specifies a permitted VPN. Format as for invpn above.
acltemplid – specifies a permitted report template.
null | No report templates are permitted |
<id> | A permitted report template; see templid in Report Format Parameters above for permitted values |
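The following portal-side helper is an added example, not code from NetFlow Tracker or this guide. It builds the initial URL on the portal server, discards any portalsecret or acl* parameter supplied by the user, and refuses to send a request with no device or interface restriction, since an unset restriction type allows everything. The base URL, the sample values, the use of repeated parameters for multiple entries, and the function names are assumptions.

```python
from urllib.parse import urlencode, parse_qsl

# Assumption: placeholder base URL; the real report path is not given on this page.
TRACKER_BASE = "http://tracker.internal.example/report"
# Parameters only the portal itself may set.
RESERVED_PREFIXES = ("portalsecret", "acl")


def build_initial_url(secret, devices=(), interfaces=(), templates=(), client_query=""):
    """Build the initial URL server-side for one restricted user.

    An empty `templates` is sent as acltemplid=null (no report templates
    permitted) instead of being omitted, which would allow every template.
    """
    if not secret:
        raise ValueError("portal secret is not configured")
    # With no device restriction, devices are implied from the interface
    # restrictions; with neither set, every device would be allowed.
    if not devices and not interfaces:
        raise ValueError("refusing to build URL without device or interface restrictions")

    # Keep the user's report parameters, drop anything that could override the ACL.
    params = [(k, v) for k, v in parse_qsl(client_query, keep_blank_values=True)
              if not k.lower().startswith(RESERVED_PREFIXES)]
    params.append(("portalsecret", secret))
    # Assumption: several permitted entries are expressed by repeating the parameter.
    params += [("acldevice", d) for d in devices]
    params += [("aclif", i) for i in interfaces]
    params += [("acltemplid", t) for t in templates] or [("acltemplid", "null")]
    return TRACKER_BASE + "?" + urlencode(params)


def redact(url):
    """Mask the secret before the URL is written to portal logs or error pages."""
    base, _, query = url.partition("?")
    pairs = [(k, "REDACTED" if k == "portalsecret" else v)
             for k, v in parse_qsl(query, keep_blank_values=True)]
    return base + "?" + urlencode(pairs)


if __name__ == "__main__":
    # Constructed sample values: secret, device address and template id.
    url = build_initial_url("constructed-secret", devices=["192.0.2.10"], templates=["7"],
                            client_query="templid=7&portalsecret=guess&acldevice=198.51.100.1")
    print(redact(url))
```

Only the output of `redact()` should ever reach logs or the browser; the unredacted URL is sent from the portal's proxy to the NetFlow Tracker server and nowhere else.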