H OTS POT GATEWAY ™Introduction 13Access Control and AuthenticationThe HSG ensures that all traffic to the Internet is blocked until authentication hasbeen completed, creating an additional level of security in the network. Also, allowsHotSpot operators to create their own unique “walled garden,” enabling users toaccess only certain predetermined Web sites before they have been authenticated.Nomadix simultaneously supports the secure browser-based Universal AccessMethod (UAM), IEEE 802.1x, and Smart Clients for companies such as AdjungoNetworks, Boingo Wireless, GRIC and iPass.SecurityThe patent-pending iNAT™ (Intelligent Network Address Translation) feature createsan intelligent mapping of IP Addresses and their associated VPN tunnels—by far themost reliable multi-session VPN passthrough to be tested against diverse VPNtermination servers from companies such as Cisco, Checkpoint, Nortel and Microsoft.Nomadix’ iNAT feature allows multiple tunnels to be established to the same VPNserver, creating a seamless connection for all users at the Public-access location.The HSG provides fine-grain management of DoS (Denial of Service) attacks throughits Session Rate Limiting (SRL) feature, and MAC filtering for improved networkreliability.5-Step Service BrandingA network enabled with the Nomadix HSG (or any other Nomadix Access Gateway)offers a 5-Step service branding methodology for Public-access operators and theirpartners, comprising:1. Initial Flash Page branding.2. Initial Portal Page Redirect (Pre-Authentication). Typically, this is used toredirect the user to a venue-specific Welcome and Login page.3. Home Page Redirect (Post-Authentication). This redirect page can betailored to the individual user (as part of the RADIUS Reply message, theURL is received by the NSE) or set to re-display itself at freely configurableintervals.4. The Information and Control Console (ICC) contains multiple opportunitiesfor an operator to display its branding or the branding of partners during theuser’s session. As an alternative to the ICC, a simple pop-up windowprovides the opportunity to display a single logo.5. The “Goodbye” page is a post-session page that can be defined either as aRADIUS VSA or be driven by the Internal Web Server (IWS) in the NSE.Using the IWS option means that this functionality is also available for otherpost-paid billing mechanisms (for example, post-paid PMS).
