Applies To:

Show Versions Show Versions

Manual Chapter: FirePass® Controller version 6.0 Administrator Guide: Glossary
Manual Chapter
Table of Contents   |   << Previous Chapter


access control list (ACL)

A set of restrictions associated with a resource or favorite that defines access for users and groups.


In the pre-logon sequence editor, an action, depicted by a rectangle, is an ordered set of rules for evaluating a remote system. Each action invokes one or more inspectors. The action then uses rules to test the inspectors' findings.

active controller/active unit

In a redundant system, the active unit is the system that currently load balances connections. If the active unit in the redundant system fails, the standby unit assumes control and begins to load balance connections. See also redundant system.

Active Directory

A network structure supported by Windows® 2000, or later, that provides support for tracking and locating any object on a network.

Administrative Console

The Administrative Console is the browser-based application that you use to configure the FirePass controller.


Authentication is the process of verifying the identity of a user logging on to a network.


Authorization is the process of enabling user access to resources, applications, and network shares.

Application Access

Application Access is a FirePass controller feature that provides remote users with web-based remote access to email servers, intranet servers, file servers, terminal services, and legacy mainframe, character-based, terminal applications. See also Network Access and Portal Access .

App Tunnel

An App Tunnel is a secure, application-level TCP/IP connection from the client to a specific set of IP addresses and ports on the network.


A certificate is an online credential signed by a trusted certificate authority and used for SSL network traffic as a method of authentication.

client certificate

A client certificate enables the FirePass controller to verify the identity of a user's computer, and to control access to specific resources, applications, and files.

client components

A client component is a control downloaded from the FirePass controller that enables the various features of FirePass controller functionality.


A cluster is a group of FirePass controller nodes that provide common user services, and can distribute the load of active sessions across all controllers in the cluster. See also cluster node , primary node , and secondary node .

cluster node

A cluster node represents one station in a cluster, and can consist of a single FirePass controller, or a redundant system. See also cluster , primary node , redundant system , and secondary node .

domain name

A domain name is a unique name that is associated with one or more IP addresses. Domain names are used in URLs to identify particular Web pages. For example, in the URL, the domain name is

Domain Name System (DNS)

The Domain Name System (DNS) is a system that stores information associated with domain names, making it possible to convert IP addresses such as, into more easily understood names such as

Dynamic Host Configuration Protocol (DHCP)

DHCP is a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can be assigned a different IP address every time it connects to the network.

dynamic group mapping

In dynamic group mapping, the FirePass controller associates a user with a master group and with resource groups dynamically at user logon time. See also master group and resource group .

dynamic tunnel

A dynamic tunnel is a connection that the FirePass controller establishes to a set of dynamic IP addressees and ports, in response to an application request. See also tunnel and static tunnel .

endpoint security

Endpoint security is a centrally managed method of monitoring and maintaining client-system security. See also pre-logon sequence , protected configuration , and resource protection .


Failover is the process whereby a standby unit in a redundant system takes over when a software failure or a hardware failure is detected on the active unit. See also active controller/active unit and standby controller/standby unit .

failover pair

See redundant system .


A favorite is a webtop link defined by the FirePass controller administrator or the user that contains all of the information needed for the client computer to access a location, file share, or application on the company network. See also webtop .

FIPS compliant

Federal Information Processing Standards (FIPS) are publicly announced standards developed by the U.S. Federal government for use by all (non-military) government agencies and by government contractors. The FirePass controller can be configured with FIPS 140-encryption hardware, which stores all certificates and private keys in the FIPS hardware.


See fully qualified domain name.

Full Access

Full Access is the realm that gives superusers complete access to realm-configuration. See also realm administrator and superuser .

fully qualified domain name

The fully qualified domain name (FQDN) is an unambiguous domain name that specifies a node's position in the DNS tree hierarchy absolutely, for example, See also domain name.

group mapping

See dynamic group mapping .


The heartbeat is a activity indicator signal that the active controller sends to notify the standby controller that the active controller is running See also active controller/active unit and standby controller/standby unit .

high availability

High availability is the process of ensuring access to resources despite any failures or loss of service in the setup. For hardware, high availability is ensured by the presence of a redundant system. See also redundant system.

HTTP (HyperText Transport Protocol)

HTTP is the method that is used to transfer information on the Internet and on intranets.

HTTPS (HyperText Transport Protocol (Secure))

HTTPS is HyperText Transport Protocol (Secure), or secure HTTP. See also HTTP (HyperText Transport Protocol) .


A physical port on an F5 system is called an interface.

IP address

An IP address (Internet Protocol address) is a unique number that identifies a single device and enables it to use the Internet Protocol standard to communicate with another device on a network. See also self IP address and virtual IP address .


IPsec (Internet Protocol Security) is a communications protocol that provides security for the network layer of the Internet without imposing requirements on applications running above it.


An inspector is an ActiveX control or Java plug-in that gathers information about the user's computer, evaluating factors such as the presence of viruses or antivirus software, operating system version, running processes, and others.

load balancing

The process the primary node uses to distribute user sessions among all the nodes in the cluster is called load balancing. See also cluster and primary node .

local traffic management (LTM)

Local traffic management refers to the process of managing network traffic that comes into or goes out of a local area network (LAN), including an intranet.

Maintenance Console

The Maintenance Console is a utility that provides administrative access to the FirePass controller. You can access the Maintenance Console from the Administrative Console or from a workstation that is directly connected to the FirePass controller.

Management interface

The Management interface is a port on the FirePass 4100 that is intended solely for administrative operations performed from a workstation that is directly connected to the FirePass controller.

master group

A master group is a collection of users that contains authentication settings, overall security configuration settings for groups of users, network access filtering policies, user experience, and user accounts.

name resolution

Name resolution is the process by which a name server matches a domain name request to an IP address, and sends the information to the client requesting the resolution.

NAT (Network Address Translation)

A NAT is an alias IP address that identifies a specific node managed by the FirePass system to the external network.

Network Access

Network Access is a FirePass controller feature that provides secure access to corporate applications and data using a standard web browser. See also Portal Access and Application Access .

network configuration

Network configuration is the process of setting up the FirePass controller's web services on network interfaces. See also web service .


A port is a number that is associated with a specific service supported by a host.

Portal Access

Portal Access is a FirePass controller feature that provides users access to network resources without requiring the download of any controls to the client machine. See also Network Access and Application Access .

pre-logon sequence

A pre-logon sequence defines a set of actions that need to be taken in order to evaluate the client system or device.

primary node

The primary node in a cluster (also known as the master) first handles incoming connections, and then redirects each session to an available secondary node, or services the connection itself. The primary node maintains configurations for all user groups and user resources the cluster supports. See also cluster , cluster node , load balancing , and secondary node .

protected configuration

A protected configuration is a collection of safety measures or checks that guard the connection and client system against various kinds of attacks or threats. The protected configuration takes information gathered by the pre-logon sequence and instructs the system to respond based on the result.

Quick Setup

The Quick Setup wizard is a program that you can run from the Administrative Console that guides you through the initial configuration tasks for the FirePass controller.


A realm is a complete set of roles, master groups, and resource groups.

realm administrator

Realm administrators are users who can create their own hierarchy of access to the groups and resources inside their realm. In a typical setup, the master and resource groups of one realm are not accessible to administrators of another realm, although superusers or realm administrators can grant access across realms. See also superuser .

redundant system

Redundant system refers to a pair of units that are configured for failover. In a redundant system, there are two units, one running as the active unit and one running as the standby unit. If the active unit fails, the standby unit takes over and manages connection requests.


A resource is an application, a file, or a server on your network to which you want users to have secure access.

resource group

A resource group is a collection of resources, access control lists, and protection criteria, which includes your company intranet servers, applications, and network shares.

resource protection

Resource protection is the process of using a defined protected configuration to protect a set of resources. See also protected configuration .


Rules test the inspectors' findings about a client system. The order of rules in a pre-logon sequence determines the flow of action.

secondary node

Each secondary node in a cluster (also known as a slave) services user sessions as requested by the primary node, and independently maintains its own network configuration. See also cluster , cluster node , load balancing , and primary node .

SED (Stream EDitor)

SED is a scripting language that you can use to locate a pattern in an incoming web page, and modify the match before sending the web page to the client.

self IP address

A self IP address is an IP address that uniquely identifies each FirePass controller interface or VLAN interface. See also IP address and virtual IP address .


See pre-logon sequence .

server certificate

A server certificate verifies the server's identity to a user's computer

session variable

A session variable contains a number or string that represents a specific piece of information about the client system, the FirePass controller, or another piece of information.

signup template

A form that the FirePass controller presents to users at initial logon time that automatically adds the user to the group on the external server.


A snapshot is a compressed set of files that represent the FirePass controller's system settings. You can create and restore a snapshot using the Maintenance Console. See also Maintenance Console .

split tunneling

Split tunneling is a process that directs through the Network Access tunnel or App Tunnel all network traffic that is not destined for the address specified.

SSL (Secure Sockets Layer)

SSL is a network communications protocol that uses public-key technology as a way to transmit data in a secure manner.

standby controller/standby unit

A standby unit in a redundant system is a unit that is always prepared to become the active unit if the active unit fails.

static tunnel

A static tunnel is a connection that the FirePass controller establishes to a specific set of IP addresses and ports on the network. when the client clicks to run a favorite, before the application starts. See also tunnel and dynamic tunnel .

strong password

A strong password is one that is difficult to detect by both humans and computer programs, which effectively protects data from unauthorized access. A strong password typically consists of a specific number of alphanumeric characters of differing case as well as certain punctuation characters.


Subsequences are defined sets of actions that run when processing encounters a branch in the pre-logon sequence. See also pre-logon sequence .


Superusers are users who have cross-realm access to all groups and features. A superuser creates realm administrators, upgrading them from FirePass controller users, and delegating full or restricted access to FirePass controller functionality or groups. See also realm administrator .


Synchronization is the process used by the primary node to synchronize data with the secondary nodes of a cluster. See also cluster , primary node , and secondary node .


The trace feature provides an easy way for you to capture logs of user sessions through the Web Applications feature of Portal Access.


A tunnel is a secure connection between computers or networks over a public network.

URI (Uniform Resource Identifier)

A URI is a Uniform Resource Identifier. In the FirePass controller context, URI means the fully-qualified domain name, followed by the path designator /<uri-specific_path>.

virtual host

In the FirePass controller context, a virtual host means the domain name or IP address that users specify when logging on to a web service you create on a virtual IP. See also virtual IP address .

virtual IP address

A virtual IP address is an IP address that identifies a virtual (that is, non-physical) network location. The FirePass controller uses virtual IP addresses for redundant systems. See also IP address , redundant system , and self IP address .

visual policy editor

The visual policy editor consists of a graphical area in which you create a pre-logon sequence by clicking to add and delete actions and rules. See also pre-logon sequence , action , and rule .


A webifyer is a FirePass controller feature that uses a browser to provide nonbrowser-based application functionality. The FirePass controller uses webifyers to present the Portal Access applications Windows Files and Mobile E-Mail, as well as the Application Access applications Legacy Hosts, Terminal Servers, and more.

web service

A web service is a method of communication that applications written in various programming languages and running on various platforms can use to exchange data over networks, such as the Internet or an intranet.


The webtop is the user's home page, which contains links that are configured as favorites for that user's master group. Along the left side of the webtop are icons representing various functionality. Depending on how the webtop is configured, users may be able to add their own favorites by clicking an icon and adding links.

Table of Contents   |   << Previous Chapter

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Additional Comments (optional)