User’s Guide – version 3.1.3 NetFlow Tracker

Management Portal Access Control Parameters
NetFlow Tracker allows management portals to set up restricted access to the system
for multiple users. So long as it is possible to conceal the initial URL sent to NetFlow
Tracker, it is possible for the user to fully interact with the resulting report while being
prevented from accessing certain data.
Portal access requires that the restricted users can only access NetFlow Tracker via
the portal’s proxy server. You can use your firewall to hide the NetFlow Tracker server
from the Internet, or you can simply configure password protection. The management
portal must also be registered with NetFlow Tracker using the Management Portal
Settings page.
Access restrictions are set up by including the management portal’s secret value in the
URL along with a set of allowed devices, interfaces, reports, filters and interactive
features. If no restrictions of a particular type are set, then all elements of that type
are allowed, with the exception that if no device restrictions are set they are implied
from the interface restrictions. Since this URL contains the management portal’s
secret value, it is important that it is not visible to the user; most management portals
have a way to provide access through their proxy while concealing the actual URL being
sent to the underlying server.
Note that requests from a management portal are authenticated automatically, so a
username and password do not need to be included in the URL.
When NetFlow Tracker creates a report in response to a request from a management
portal, any interaction with that report will cause a cryptographically secure identifier to
be included in the URL sent to the server. If a request from a management portal
contains neither the correct secret value nor a valid identifier, or attempts to access a
resource forbidden by the access restrictions originally supplied by the management
portal, it will be rejected.
portalsecret – specifies the secret value assigned to the management portal in
Management Portal Settings.
    <secret>    The secret value
acldevice – specifies the address of a permitted NetFlow-exporting device. Format as
for device above.
aclif – specifies a permitted interface. Format as for inif above.
aclvpn – specifies a permitted VPN. Format as for invpn above.
acltemplid – specifies a permitted report template.
    null        No report templates are permitted
    <id>        A permitted report template; see templid in Report Format
                Parameters above for permitted values
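The following is an added example, not code from the NetFlow Tracker guide or product: a portal-side helper that builds the restricted URL on the proxy, refuses to build it with no restrictions at all (an unset restriction type allows everything of that type), masks the secret for logging, and checks content bound for the user for the secret. The report URL, the sample values and the repetition of a parameter for several permitted values are assumptions.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl, quote, quote_plus

# Assumed for illustration: the endpoint is a placeholder, not a documented path.
TRACKER_REPORT_URL = "https://tracker.internal.example/report"  # hypothetical

# Access-control parameters named on this page.
ACL_PARAMS = ("acldevice", "aclif", "aclvpn", "acltemplid")


def build_upstream_url(secret, acl):
    """Build the URL the portal proxy sends upstream; never hand it to the user.

    acl maps a parameter name to a list of permitted values. A restriction
    type that is left out permits everything of that type, so a request
    with no restrictions at all is refused here (fail closed).
    """
    if not secret:
        raise ValueError("portalsecret must be set")
    unknown = set(acl) - set(ACL_PARAMS)
    if unknown:
        raise ValueError(f"unknown ACL parameter(s): {sorted(unknown)}")
    pairs = [(name, value) for name in ACL_PARAMS for value in acl.get(name, [])]
    if not pairs:
        raise ValueError("no restrictions given: the user would see all data")
    # Assumption: several permitted values are sent by repeating the parameter.
    return TRACKER_REPORT_URL + "?" + urlencode([("portalsecret", secret)] + pairs)


def redact_url(url):
    """Return a copy of url that is safe to log: the secret value is masked."""
    parts = urlsplit(url)
    query = [(key, "REDACTED" if key == "portalsecret" else value)
             for key, value in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def leaks_secret(text, secret):
    """True if text bound for the user's browser contains the secret,
    either raw or in one of its URL-encoded forms."""
    forms = {secret, quote(secret, safe=""), quote_plus(secret)}
    return any(form in text for form in forms)
```

Run `leaks_secret` over anything the proxy forwards to the user (redirect targets, rewritten links, error pages) and log only the output of `redact_url`.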