Previous Topic

Next Topic

Book Contents

Book Index

Using Secure HotSpot

Linked Diagram TemplateLinked Diagram Template

You can enable your UTM-1 appliance as a public Internet access hotspot for specific networks. When users on those networks attempt to access the Internet, they are automatically re-directed to the My HotSpot page http://my.hotspot.

Note: You can configure Secure HotSpot to use HTTPS. In this case, the My HotSpot page will be https://my.hotspot.

On this page, users must read and accept the My HotSpot terms of use, and if My HotSpot is configured to be password-protected, they must log in using their UTM-1 username and password. The users may then access the Internet or other corporate networks.

Linked Diagram Template

Users can also log out in the My HotSpot page.

Note: HotSpot users are automatically logged out after one hour of inactivity. If you are using RADIUS authentication, you can change the Secure HotSpot session timeout by configuring the RADIUS Session-Timeout Attribute. See Using RADIUS Authentication.

UTM-1 Secure HotSpot is useful in any wired or wireless environment where Web-based user authentication or terms-of-use approval is required prior to gaining access to the network. For example, Secure HotSpot can be used in public computer labs, educational institutions, libraries, Internet cafés, and so on.

The UTM-1 appliance allows you to add guest users quickly and easily. By default, guest users are given a username and password that expire in 24 hours and granted HotSpot Access permissions only. For information on adding quick guest users, see Adding Quick Guest Users.

You can choose to exclude specific network objects from HotSpot enforcement. Excluded network objects will be able to access the network without viewing the My HotSpot page. Furthermore, users will be able to access the excluded network object without viewing the My HotSpot page. For information on excluding network objects from HotSpot enforcement, see Using Network Objects.

Important: SecuRemote/SecureClient VPN software users who are authenticated by the Internal VPN Server are automatically exempt from HotSpot enforcement. This allows, for example, authenticated employees to gain full access to the corporate LAN, while guest users are permitted to access the Internet only.

Note: HotSpot enforcement can block traffic passing through the firewall; however, it does not block local traffic on the same network segment (traffic that does not pass through the firewall).

In This Section

Setting Up Secure HotSpot

Enabling/Disabling Secure HotSpot

Customizing Secure HotSpot

See Also

Setting Your Security Policy

The UTM-1 Firewall Security Policy

Default Security Policy

Setting the Firewall Security Level

Configuring Servers

Using Rules

Using Port-Based Security

Using NAT Rules

Using the EAP Authenticator