I'm creating a PoC whereby I want to use PacketFence as an inline NAC. What
makes this deployment special is that I have to use an external captive portal.
I believe the following steps are needed and wanted to run it by the forum to
see if I'm lost in crazy town.

* Configure PF to always allow traffic from my LAN to the captive portal
  address (passthrough)
* Configure PF DHCP to return a DNS of PacketFence server
* Configure pfdns to resolve all domain name requests to the IP address
  of the external captive portal
  o This would only have to be true for non-existent or 'unregistered'
    devices... so I guess I'm not sure how to configure this
* Users use the external captive portal to log in, using its own user
  database
* Upon successful login, the external captive portal calls the
  PacketFence API functions to register the Node (api.pm)
* As a result PacketFence updates its iptables to allow access for the
  device

Any thoughts on this? Major stumbling blocks, functionality that I would lose?
Is it a gross misuse, or perhaps already supported?

On the surface it seems reasonable: use PacketFence as the NAC engine with my
own captive portal.

Thank you much,
Henning
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users