When the firewall interworks with the TSM and the terminal is not configured with the agent program, three pages can be pushed, namely, the Web page, Web agent page, and download page. These three pages are saved on the TSM server. Meanwhile, the IP address of the firewall for pushing Web pages is bound to the server IP address (the IP address of the TSM Controller). If the server IP address is inconsistent with the address in the URL, an error is displayed on the firewall. As a result, the third-party Web pages cannot be pushed, as shown in the following figure:
In right-manager of the firewall, enter the correct server IP address, add a forged server IP address (the IP address of the third-party Web server), and then enter the third-party URL, as shown in the following figure:
On the TSM management interface, enter the IP address of the third-party server in the pre-authentication domain.
The firewall binds the URL to the server IP address. In this case, all URLs except the ones provided by the TSM server are identified as illegitimate.
This case is applicable to the scenario where the firewall pushes third-party Web pages. In the distributed deployment scenario, emergency channel, carefully set the minimum SC value of the emergency channel, because there are forged SC addresses (IP addresses of third-party Web servers) saved on the firewall.