When a client tries to access the internal network, the Gateway Enforcer establishes an authentication session with it. An authentication session is a set of challenge packets that are sent from a Gateway Enforcer appliance to a client.
During an authentication session, the Gateway Enforcer appliance sends a challenge packet to the client at a specified frequency. The default setting is every three seconds. It keeps sending packets until it receives a response from the client, or until it has sent out the maximum number of packets specified. The default number is 10 packages.
If the client responds and passes authentication, the Gateway Enforcer appliance allows it access to the internal network for a specified number of seconds. The default is 30 seconds. The Gateway Enforcer appliance starts a new authentication session during which the client must respond to retain the connection to the internal network. The Gateway Enforcer appliance disconnects the clients that do not respond or are rejected because they fail authentication.
If the client does not respond or fails authentication, the Gateway Enforcer appliance blocks it for a specified number of seconds. The default is 30 seconds. If another client tries to log on using that same IP address, it has to be reauthenticated.
You can configure the authentication session for each Gateway Enforcer appliance on the management server.