Configuring External Guest Authentication

NOTE: Lightweight Hotspot Messaging (LHM) defines the method and syntax for communications between a SonicWall wireless access device (such as a TZ Wireless or a SonicPoint with a governing SonicWall security appliance) and an Authentication Back-End (ABE) for the purpose of authenticating Hotspot users and providing them parametrically bound network access. For further information about how LHM interacts with the Enable External Guest Authentication feature, refer to SonicWall Lightweight Hotspot Messaging Tech Note available at the SonicWall Knowledge Base Web site https://support.sonicwall.com/kb-product-select.

Click the Configure button after selecting the Enable External Guest Authentication check box. The External Guest Authentication dialog displays.

In the Local Web Server Settings section, select either HTTPS (default) or HTTP from the Client Redirect Protocol drop-down menu.

In the External Web Server Settings section:

•

Select the Web Server:

•

Protocol: Select either HTTPS (default) or HTTP from the drop-down menu.

•

Host: From the drop-down menu, select an address object or create a new one.

•

Port: Enter the port number for the Web Server; the default port is 443.

•

Connection Timeout: Enter the time to elapse before the connection times out; the minimum value is 1 second, the maximum value is 20 seconds, and the default value is 15 seconds.

In the Message Authentication section,

•

Optionally, select Enable Message Authentication, which activates the following options.

•

From the Authentication Method drop-down menu, select:

•

HMAC - MD5 (default)

•

HMAC - SHA1

•

HMAC - SHA256

•

In the Shared Secret and Confirm Shared Secret fields, enter the authentication shared secret.

•

To display the shared secret as bullets, select Mask Shared Secret. If this option is not selected, the shared secret will display in normal text. This option is selected by default.

Click OK.

Click the Auth Pages tab.

Enter a CGI page for each of these options:

•

Session Expiration Page

•

Idle Time Out Page

•

Max Sessions Page

•

Traffic Exceeded Page

Click the Web Content tab.

In the Redirect Message section, select one of the radio buttons:

•

Use default (this is the default)

•

Customize: enter the text of your redirection message; text may include HTML formatting.

Optionally, click Preview to see how the message will be displayed in the External Guest Redirect window. To see the default message, click Preview as well.

In the Server Down Message section, select one of the radio buttons:

•

Use default (this is the default)

•

Customize: enter the text of your redirection message; text may include HTML formatting.

Optionally, click Preview to see how the message will be displayed in the Wireless Services Unavailable window. To see the default message, click Preview as well.

Click the Advanced tab.

In the Auto-Session Logout section, optionally select Enable Auto-Session Logout. The sub options become active.

Enter the time for logging out expired sessions in the Auto-logout Expired Sessions Every minutes. The default is 1 minute.

Enter the logout page in the Logout CGI field.

In the Server Status Check section, optionally select Enable Server Status Check. The sub options become active.

Enter the elapsed time between checking the server status in the Check Status Every minutes. The default is 5 minutes.

Enter the server status page in the Server Status CGI field.

In the Session Synchronization section, optionally select Enable Session Synchronization. The sub options become active.

Enter the elapsed time between synchronizing the session in the Synchronize Every minutes. The default is 10 minutes.

Enter the session synch page in the Session Sync CGI field.

Click OK.