How to create different portals based on source IP address and custom scripts
Created by Idan on 9/29/2010 3:43:22 PM

Author: Ofer Nissim, Solution Architect, HP

Date: 11/08/2008

Before you begin

This article explains how to present different portals based on the source IP address, for example:

  1. You want your internal or VPN users to get a portal with more published applications
  2. You want internal or VPN users to skip 2-factor authentication

Important to know!

In this article I set up two IAG portals. The first portal uses port 443 and is used for public users and customers. The second portal uses the same IAG IP address, but with port 444.

You can adjust these settings with any other IP address/port combination as well.

Prerequisites

You need to create 2 portals in IAG before continuing to the next phase.

Configuration Procedures

Step 1: Download the script to your IAG

These steps assume that you have already created 2 portals in the IAG configuration.

Download the script below and save it as: your internal or VPN portal name + 0 or 1 (0 for an HTTP trunk and 1 for HTTPS) + "login.inc", for example:

PortalName0login.inc (for HTTP portals) or PortalName1login.inc (for HTTPS portals)

Put the script in the "/whalecom/e-gap/von/internalsite/inc/customupdate/" folder. For example, if your internal/VPN portal is called Portal1, copy the following script into a file named "portal11login.inc" (the 11 is not a mistake):


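<%
' IP is the list of allowed addresses and ranges; it is assumed to be defined by InternalIp.inc (Step 2).
g_cookie = GetSessionCookie(g_site_name,g_secure)
'response.write getsessionparam(g_cookie,"SourceIP") & "<----" & g_cookie & "<--- cookie!"
'response.end
g_Source_IP = GetSessionParam(g_cookie,"SourceIP")
IsAllowed = False
For Each i In IP
  If InStr(i,"*") > 0 Then
    ' Wildcard entry: compare only the part before the "*" as a prefix
    ListIP = "b" & Mid(i,1,InStr(i,"*")-1)
    SourceIP = "b" & g_Source_IP
  Else
    ' Exact entry: "b" and "e" mark the start and end, so the whole address must match
    ListIP = "b" & i & "e"
    SourceIP = "b" & g_Source_IP & "e"
  End If
  '***** Check if the client IP address matches the IP range ****
  If InStr(SourceIP,ListIP) > 0 Then
    IsAllowed = True
    Exit For
  End If
Next
' Reject the client only when no entry in the list matched
If Not IsAllowed Then
  Response.Redirect GetSiteErrorPage() & "?error_code=120"
End If
%>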

Step 2: Edit and copy the IP address file according to your needs

Download the script InternalIp.inc, edit it to list your internal or VPN IP addresses, and place the file in the "/whalecom/e-gap/von/internalsite/inc/customupdate/" folder.

Step 3: Check your settings

Check your configuration from a source IP address within the range of IP addresses that you put in the "InternalIp.inc" file, and from an IP address that is not in the range.

If you have any issues with this configuration, please go to the IAG Technical Forums at the following link: http://Forums.ForefrontSecurity.ORG
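
To check allow-list entries offline before testing against the portal, the stand-alone script below applies the login script's per-entry "b"/"e" comparison to a few constructed addresses and treats an address as allowed when any one entry matches it. It is an added example, not part of the original article or its downloadable files; the array contents, the function names EntryMatches and MatchingEntry, and the assumption that InternalIp.inc defines an array named IP are illustrative. Save it as a .vbs file and run it with cscript.

```vbscript
Option Explicit

' Constructed sample allow-list (assumption: InternalIp.inc defines an
' array named IP, which is what the "For each i in IP" loop iterates over).
Dim IP
IP = Array("10.1.*", "192.168.10.25", "172.16*")

' Same comparison as the login script: "b" marks the start of the address,
' "e" the end. A wildcard entry is compared as a prefix, an exact entry
' must match the whole address.
Function EntryMatches(entry, sourceIP)
    Dim listIP, candidate
    If InStr(entry, "*") > 0 Then
        listIP = "b" & Mid(entry, 1, InStr(entry, "*") - 1)
        candidate = "b" & sourceIP
    Else
        listIP = "b" & entry & "e"
        candidate = "b" & sourceIP & "e"
    End If
    EntryMatches = (InStr(candidate, listIP) > 0)
End Function

' Returns the first entry that admits sourceIP, or "" if none does.
Function MatchingEntry(allowList, sourceIP)
    Dim entry
    MatchingEntry = ""
    For Each entry In allowList
        If EntryMatches(entry, sourceIP) Then
            MatchingEntry = entry
            Exit Function
        End If
    Next
End Function

' Constructed test addresses: inside, outside, and look-alike cases.
Dim addr, hit
For Each addr In Array("10.1.4.7", "10.10.4.7", "192.168.10.25", _
                       "192.168.10.250", "172.16.0.9", "172.160.0.9")
    hit = MatchingEntry(IP, addr)
    If hit = "" Then
        WScript.Echo addr & " -> rejected (error_code=120)"
    Else
        WScript.Echo addr & " -> allowed by " & hit
    End If
Next
```

The last test address, 172.160.0.9, is admitted by the entry "172.16*" because the prefix stops in the middle of an octet; end wildcard entries on a dot ("172.16.*") so that only the intended range matches.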

