Fluke Recording Equipment User Manual

User’s Guide – version 3.1.3 NetFlow Tracker
Management Portal Access Control Parameters
NetFlow Tracker allows management portals to set up restricted access to the system
for multiple users. As long as the initial URL sent to NetFlow Tracker can be
concealed, the user can fully interact with the resulting report while being
prevented from accessing certain data.

Portal access requires that the restricted users can only access NetFlow Tracker via
the portal’s proxy server. You can use your firewall to hide the NetFlow Tracker server
from the Internet, or you can simply configure password protection. The management
portal must also be registered with NetFlow Tracker using the Management Portal
Settings page.

Access restrictions are set up by including the management portal’s secret value in the
URL along with a set of allowed devices, interfaces, reports, filters and interactive
features. If no restrictions of a particular type are set, then all elements of that type
are allowed, with one exception: if no device restrictions are set, they are implied
from the interface restrictions. Since this URL contains the management portal’s
secret value, it is important that it is not visible to the user; most management portals
have a way to provide access through their proxy while concealing the actual URL being
sent to the underlying server.

Note that requests from a management portal are authenticated automatically, so a
username and password do not need to be included in the URL.

When NetFlow Tracker creates a report in response to a request from a management
portal, any interaction with that report will cause a cryptographically secure identifier to
be included in the URL sent to the server. A request from a management portal is
rejected if it contains neither the correct secret value nor a valid identifier, or if it
attempts to access a resource forbidden by the access restrictions originally supplied
by the management portal.

portalsecret – specifies the secret value assigned to the management portal in
Management Portal Settings.
    <secret>    The secret value

acldevice – specifies the address of a permitted NetFlow-exporting device. Format as
for device above.

aclif – specifies a permitted interface. Format as for inif above.

aclvpn – specifies a permitted VPN. Format as for invpn above.

acltemplid – specifies a permitted report template.
    null    No report templates are permitted
    <id>    A permitted report template; see templid in Report Format
            Parameters above for permitted values
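
Added example (not from the NetFlow Tracker guide or product): portal-side helpers that refuse to build a backend URL when a restriction type would be left fully open, and that keep portalsecret out of logs and user-visible text. The backend address, the sample values, and the treatment of aclvpn as its own restriction type are assumptions.

```python
from urllib.parse import parse_qsl, quote, quote_plus, urlencode, urlsplit, urlunsplit

# Assumption: placeholder address; the guide section does not give the report path.
BACKEND = "http://netflow-tracker.internal.example/report"

# ACL parameters from this section -> restriction type each one sets.
# Assumption: aclvpn is treated as a restriction type of its own.
ACL_PARAMS = {"acldevice": "device", "aclif": "interface",
              "aclvpn": "vpn", "acltemplid": "report template"}

def unrestricted_types(params):
    """Restriction types left fully open by a list of (name, value) pairs."""
    present = {name for name, _ in params}
    open_types = [t for p, t in ACL_PARAMS.items() if p not in present]
    # With no acldevice, device restrictions are implied from aclif.
    if "aclif" in present and "device" in open_types:
        open_types.remove("device")
    return open_types

def build_backend_url(secret, params, allow_open=()):
    """URL the portal proxy sends to the server; must never reach the user."""
    left_open = [t for t in unrestricted_types(params) if t not in allow_open]
    if left_open:  # omitting a type means "allow all", so fail closed here
        raise ValueError("unrestricted: " + ", ".join(left_open))
    return BACKEND + "?" + urlencode([("portalsecret", secret), *params])

def redact(url):
    """Mask portalsecret before the URL is written to any log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "portalsecret" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def leaks_secret(secret, text):
    """True if text bound for the user carries the secret, raw or URL-encoded."""
    forms = {secret, quote(secret, safe=""), quote_plus(secret)}
    return any(form in text for form in forms)

if __name__ == "__main__":
    # Constructed sample values; real formats follow the guide's device/inif rules.
    acl = [("aclif", "IF-PLACEHOLDER"), ("acltemplid", "null")]
    url = build_backend_url("constructed-secret", acl, allow_open=("vpn",))
    print(redact(url))
    print("leak in redacted log line:", leaks_secret("constructed-secret", redact(url)))
```

Running leaks_secret over response bodies, redirect targets and error pages in the portal's test suite catches the case where the proxy echoes the backend URL to the user.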