95Portal configurationIntroduction to portalPortal authentication, as its name implies, helps control access to the Internet. Portal authenticationis also called web authentication and a website implementing portal authentication is called aportal website.With portal authentication, an access device redirects all users to the portal authentication page.All users can access the free services provided on the portal website; but to access the Internet, auser must pass portal authentication.A user can access a known portal website and enter username and password for authentication.This authentication mode is called active authentication. There is still another authentication mode,forced authentication, in which the access device forces a user trying to access the Internet throughHTTP to log in to a portal website for authentication.The portal feature provides the flexibility for Internet service providers (ISPs) to manage services. Aportal website can, for example, present advertisements and deliver community and personalizedservices. In this way, broadband network providers, equipment providers, and content serviceproviders form an industrial ecological system.Introduction to extended portal functionsBy forcing users to implement patching and anti-virus policies, extended portal functions help usersto defend against viruses. The main extended functions are described as follows:• Security checking mechanism: The security checking mechanism works after the identityauthentication process to check that the required anti-virus software, virus definition updatesand OS patches are installed, and no unauthorized software is installed on the terminal of auser.• Resource access limit: A user passing identity authentication can access only networkresources in the quarantined area, such as the anti-virus server and patch server. Only userspassing both identity authentication and security checking can access restricted networkresources.Portal system componentsA typical portal system consists of five basic components: authentication client, access device,portal server, authentication/accounting server, and security policy server. See Figure 29.