3. Allow HTTP outgoing to the OCSP and CRL URLs of your SSL certificate in the un-registered
role.
By default, many of today's browsers (for example, Windows 7 with IE8) consider an SSL certificate
invalid if they cannot check its validity. Unfortunately, the browser does not display a message or
anything else to indicate that it could not validate the certificate; it simply does not display a page,
or it displays a generic "page cannot be displayed" message. Before a client is authenticated, it is
placed in the un-registered role. By default, the un-registered role allows only DNS outgoing, so the
browser is unable to check the validity of the certificate and does not redirect to the login page.
If you go to web logins>ssl certificate, you will see the properties of your certificate on the
right-hand side. There you should see the OCSP (Online Certificate Status Protocol) or CRL
(Certificate Revocation List) URLs. You may see one or both, depending on the certificate. The
browser uses these to check the validity of the certificate.
Go to user roles>roles, click to edit the un-registered role, then go to policies and allow HTTP to
the OCSP and CRL URLs. It is recommended that you upgrade to a minimum of 6.5.1.03 before allowing
HTTP to the URLs, as this software release introduces destination hostnames to account for the
multiple IP addresses that may resolve to a host name.
4. Adjust the seconds a client is allowed to hold the web server under general>http from the default
value of 300 to 10.
While clients are in the un-registered role, the BSC's job is to redirect their port 80 requests, and
requests on whatever other ports are being monitored under general>http>HTTP/proxy ports to monitor,
to the login page. Each client has multiple background processes running (for example, Windows
updates, antivirus updates, toolbars, etc.) that continually perform requests, as they are unable to
access these services in the un-registered role. Each one of these requests will by default hold onto
the BSC's web server for 300 seconds. Adjusting this to 10 will free up web server resources in
environments with many users in the un-registered role. It is recommended that this setting be
adjusted to 300 before an upgrade so that the status of the upgrade may be maintained, and adjusted
to 10 thereafter. You may be prompted to "click here to apply" after adjusting this setting. This
will restart the web server. This will be non-intrusive to users on the system. They will not be
dropped, but you will be dropped for a brief moment from the secure web-based administration
console.
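
For step 3, the OCSP and CRL URLs can also be read from the certificate file itself. The script below is an added example, not vendor code: it parses `openssl x509 -noout -text` output and lists the hostnames an HTTP rule in the un-registered role would need, flagging endpoints that a plain HTTP rule does not cover. The function names and the example.test hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Hostnames below are constructed.

# Read `openssl x509 -noout -text` output on stdin; print "KIND URL" for each
# OCSP responder and CRL distribution point (CA Issuers URLs are skipped).
revocation_urls() {
    awk '
        { gsub(/[ \t\r]+$/, "") }            # drop trailing whitespace / CR
        /^$/ { next }                        # blank lines do not end a section
        { indent = match($0, /[^ ]/) - 1 }   # extension names sit at 12 spaces
        indent <= 12 { in_crl = ($0 ~ /CRL Distribution Points/) }
        /OCSP - URI:/ { sub(/.*OCSP - URI:/, ""); print "OCSP", $0; next }
        in_crl && /URI:/ { sub(/.*URI:/, ""); print "CRL", $0 }
    '
}

# Turn "KIND URL" lines into a plan: "allow-http HOST" for plain HTTP on the
# default port, "review KIND URL" for anything an HTTP-only rule cannot cover.
http_allow_plan() {
    awk '
        $2 ~ "^http://[^/:]+(/|$)" {
            split($2, part, "/")             # part[3] is the hostname
            if (!seen[part[3]]++) print "allow-http", part[3]
            next
        }
        { print "review", $1, $2 }
    '
}

# Constructed sample of the extension section of `openssl x509 -text` output.
sample_cert_text() {
    cat <<'EOF'
        X509v3 extensions:
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.example.test/ca.crl

                Full Name:
                  URI:ldap://dir.example.test/cn=CA,o=Example?certificateRevocationList

            Authority Information Access: 
                OCSP - URI:http://ocsp.example.test
                CA Issuers - URI:http://certs.example.test/ca.crt
EOF
}

# Real use: openssl x509 -in server.pem -noout -text | revocation_urls | http_allow_plan
sample_cert_text | revocation_urls | http_allow_plan
```

A "review" line means the certificate names a revocation endpoint that allowing HTTP alone will not reach, so clients in the un-registered role may still fail the validity check.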
Unable to see Windows file and printer shares of devices that are on the same BSC managed
network as each other.
Windows uses broadcast traffic to resolve the NetBIOS names of file and printer shares that are on the same
local subnet. By default BlueSecure Access Points (BSAPs) tunnel traffic back to the BlueSecure 
Controller (BSC) in EtherIP (IP Protocol 97). By default the BSC does not send broadcast traffic back out 










