Home
SafeLinx Administrator
The SafeLinx Administrator is a Java application that lets administrators configure, monitor, and maintain the resources of one or more SafeLinx Servers.
What is...
SafeLinx Administrator Help identifies and clarifies necessary topics.
Device resolver
The device resolver identifies devices when the devices connect to the network.

SafeLinx Administrator
The SafeLinx Administrator is a Java application that lets administrators configure, monitor, and maintain the resources of one or more SafeLinx Servers.
- Controlling resources and organizational units
  SafeLinx gives you control over all resources and organizational units.
- Customizing network configuration
  SafeLinx lets you customize your network configuration.
- Configuring for security
  SafeLinx includes options for configuring security.
- Managing administrators
  SafeLinx provides the tools to manage administrators.
- Managing users
  SafeLinx provides the tools to manage users.
- Troubleshooting problems
  SafeLinx helps you troubleshoot problems.
- What is...
  SafeLinx Administrator Help identifies and clarifies necessary topics.
  - Organizational unit
    An Organizational unit defines and groups resources.
  - Access manager
    The access manager program communicates with the SafeLinx Server's persistent data storage and manages the access to data.
  - SafeLinx Server
    The SafeLinx Server helps you connect mobile computing devices to your company's private intranet and the internet securely.
  - Mobile network connection
    A mobile network connection (MNC) is the SafeLinx Server's interface to a network provider.
  - Mobile access services
    Mobile access services integrate access for all supported wireless and wireline networks within a single resource.
  - Cluster manager
    A cluster manager is a resource that balances load and improves availability among SafeLinx Servers.
  - Messaging services
    Messaging services enable a web application server to send messages from a wired network to a client in a wireless network.
  - HTTP access services
    HTTP access services provide a secure tunnel for HTTP communication to any HTTP Version 1.1. client.
  - Directory server
    Directory servers allow the SafeLinx Server to use databases from existing user accounts.
  - Users
    User accounts allow a user to access the SafeLinx Client in order to connect to the SafeLinx Server.
  - Authentication profile
    An authentication profile is a set of third-party configuration properties, which are assigned to a connection profile or HTTP access service.
  - Admins
    Admins are users of the SafeLinx Administrator whose responsibilities range from initial configuration of a SafeLinx Server and definition of gateway resources, to maintaining and monitoring resources.
  - Access control lists (ACLs) and ACL Profiles
    An access control list (ACL) is a table of access levels for all resource types per organizational unit (OU). An ACL profile is a collection of ACLs that you assign to administrators to define their level of access to resources.
  - Mobile device
    A mobile device is device over which the SafeLinx Client uses to communicate with the SafeLinx Server. You define mobile devices to the SafeLinx Administrator to control which devices can access the SafeLinx Server.
  - Modem profile
    A modem profile enables a modem to communicate over a mobile network connection.
  - Wireless password policy
  - Group
    A group is a way to pool certain types of resources into an organizational unit.
  - Default resources
    Default resources is an organizational unit (OU) that contains some commonly used groups, profiles, and filters that are automatically installed with the SafeLinx Server.
  - Device resolver
    The device resolver identifies devices when the devices connect to the network.

Device resolver

The device resolver identifies devices when the devices connect to the network.

The device resolver on the SafeLinx Server works with network access servers (NAS) to uniquely identify devices whenever the devices connect to the network. The unique identity of a device is required before the SafeLinx Server passes the device identity in requests to other web servers and proxies in the network. When you enable the device resolver, this unique identifier is passed from the NAS upon request to the SafeLinx Server in the form of RADIUS authentication or RADIUS accounting messages.

The type of RADIUS messages that are sent from the NAS (authentication or accounting) depends on the NAS configuration and whether any other authentication or accounting servers exist in the network. You can configure the device resolver to return RADIUS responses directly back to the NAS, or you can configure it as a proxy. As a proxy, the device resolver forwards RADIUS messages to other servers in the network, then returns the subsequent responses to the NAS.

Because the NAS is configured to distribute an IP address from a pool of addresses to users as they connect to the network, this IP address does not uniquely identify a specific user. Because clients do not typically use the same address each time they connect to the network, the NAS must be configured to also send another identifier that uniquely identifies the device.

The unique identifier that is sent by the NAS is defined in the device resolver in terms of its RADIUS attribute type. These attribute types are defined in RADIUS authentication RFC 2865 and RADIUS accounting RFC 2866.

Configuring the device resolver consists of two parts:

Adding a device resolver to the SafeLinx Server
Enabling the device resolver

When you add a device resolver, you define information about the NAS, the ports on which the SafeLinx Server will listen for incoming RADIUS messages from the NAS, the type of unique device identifier, and optional RADIUS proxy forwarding options. You must add a device resolver for each network access server to which devices will connect. To add a device resolver resource, right-click the SafeLinx Server to which you want to add it, then click Add > Device resolver.

Note: Users who are identified by the device resolver are not displayed as active users in the SafeLinx Administrator.

Rate this topic

5 stars 4 stars 3 stars 2 stars 1 star

Comment on this topic.

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site.