Setting ScreenOS Authentication Options Using Infranet Settings
Overview
If you have deployed Juniper Networks Infranet
Controllers as part of your network security infrastructure, you can
use the Infranet Settings screen on devices running ScreenOS 5.3 and
later to configure the properties as described in Table 1.
Table 1: Infranet Settings
| Infranet Settings | Description |
|---|---|
| Contact Interval | The time interval (in seconds) that the Infranet Enforcer waits before attempting to connect to the next available Infranet Controller. The default interval is 10 seconds. |
| Action on Timeout | If the connection to the Infranet Controller times out for any reason, the device terminates the SSH connection and clears all Infranet Controller-related context. You can change this behavior by setting the timeout action to “Open,” in which case the Infranet Enforcer allows all traffic, or “No Change,” in which case the Infranet Enforcer preserves the current state of all existing tunnel sessions. |
| Enforcer Mode | This setting takes the Infranet Enforcer out of Regular mode and into Test mode. Test mode is recommended before you deploy the Infranet Enforcer, because it lets you evaluate how the solution works. In this mode, the Infranet Enforcer allows all traffic that matches the Infranet policy. Logs are created indicating the behavior of the Infranet Enforcer as if it were operating in Regular mode. |
| Infranet Controllers | You can configure up to eight (8) Infranet Controllers. The Infranet Enforcer contacts the Infranet Controllers in the order in which they are entered. Devices permit only one redirect URL per Infranet Controller. In devices running ScreenOS 6.2 or later, when UAC is deployed through a ScreenOS firewall, the firewall acts as the Infranet Enforcer and redirects unauthorized access to a configured URL (captive portal). The device configures the redirect URL through a policy, which means that more than one redirect URL can be configured for the same Infranet Controller. |

You can also configure security devices to authenticate
using Infranet Controllers in a rule in a security policy. Refer to
the Network and Security Manager Administration Guide for more information.
Published: 2009-08-20