Intellinet Network Solutions 524100 user manual Installation of Certificates

Page 14

Configuration of the Firewall/Router for Access across the Internet

To allow access to the Digital KVM over IP Switch behind a corporate firewall/router, establish the following settings on your firewall/router (not on your switch).

1.Configure a virtual server on your router (or ask your network administrator to do it) as mapped to the switch’s local IP address.

2.Open a port range (<port_base> – <port_base_+_9>) both inbound and outbound for the virtual server according to what has been previously configured as the port base for the switch.

As per the previous example, if the switch is configured with a port base of 5970, then the port range should be opened as 5970–5979 (i.e., <port_base> – <port_base +9>) both for inbound and outbound, in which:

for the switch’s viewer connection port: <port_base> = 5970

for the browser SSL connection port: <port_base + 8> = 5978

for viewer internal communication, etc.: <port_base + 9> = 5979

Example: Router Internet IP ‡‡ virtual server (port range open) ‡‡ switch’s local IP 61.232.134.120 ‡‡virtual server (port 5970–5979 open) ‡‡192.168.1.7

Once you’ve configured a virtual server with an appropriate port range open (<port_base> – <port_base_+_9>), you can try to access your switch across the Internet by using a public IP address and designated port number. Based on the previous example settings:

Browser access: https:// 61.232.134.120:5978

Viewer access: 61.232.134.120:5970

If you have domain name mapping to the public IP address, you can also use the domain name; for example:

Browser access: https:// www.mycompany.com:5978

Viewer access: www.mycompany.com:5970

NOTE: Once you’ve changed the port base of your switch, you should also modify the open port range on your router accordingly if you want Internet access to come across.

Installation of Certificates

NOTE: You can use the default set of certificates (on the included CD) to practice making some PKI-authenticated connections as long as your network safety isn’t jeopardized. It’s recommended that this be done within your local area network, assuming it’s well secured with an adequate firewall and other due precautions against network intrusions. Otherwise, anyone who has a copy of the default certificates can establish a connection to your servers. If you have already obtained a set of certificates with the file names and formats required for the switch (which is strongly recommended), you can use them for viewer authentication. You can also generate the certificates using software like XCA. (For certificate generation using XCA, refer to “How to Generate KLE Certificates Using XCA” on the included CD.)

First, you need to have these certificates — as mentioned above, if you haven’t obtained your own certificates, you can use the default set of certificates — ready on your client computers for uploading to the switch via a Web browser:

root certificate (root.crt)

server certificate (server.crt), and

server private key (serverkey.pem)

Once you’ve located whichever set of certificates is to be used, you can begin the installation process.

1. Access the switch’s Web Management interface and go to the Security Settings screen.

14INSTALLATION

Image 14
Contents Model Page FCC Statement CE StatementTable of contents LAN/WAN Configurations System architecturePower Control Configuration PPP Configuration Console Management Port RJ-12 Restore Factory DefaultsPS/2 Mouse Port Status LEDsPower Adapter Jack Digital KVM over IP Switch SetupServer Configuration Side PanelAdditional Server Configuration Considerations Windows56 Hz Network Settings Port Base Settings Https//192.168.1.200.5978Installation of Certificates Installation Selection of a Security Level for Viewer Connection Selection of a User Password Policy Installation of a Win32 Viewer Installation of a Java ViewerImport a Client Certificate to a Java Viewer Importing Certificates to a Viewer on a Client ComputerImport a Client Certificate to a Win32 Viewer Misc/Session Viewer Connection OptionsCompression Encoding DisplayEstablishing the Viewer Connection Cursor Settings/SynchronizationSaving Connection Settings Full Screen Mode Win32 Viewer SettingsWindow Size Adjustment Window Size ScalingViewer Connection Viewer Quick Menu Title Bar InformationSelect Computer Box Win32 ViewerNew connection Make another new connection using the viewer Video Display Troubleshooting Switch’s booting time has become unduly long. What’s wrong?When the viewer connection is made, select User Privileges SUPERADMIN, ADMIN, User Web-Based Management InterfaceDownload ViewersMain Date & Time Time ZoneInternet Time Main SecurityLocal Time Certificates and Keys Viewer ConnectionsMain LAN TCP/IP TCP/IP Settings Main WAN PPPPPP Mode PPP Server SettingsTimeout PPP Client SettingsKVM Server Log KVM Server Main Settings Video QualityAttached KVM ScanningKVM Server Viewer Connection Settings Largest Possible Screen Server Name for ViewersKeyboard Layout Hot KeysMouse Resynchronize Key KVM Server ComputersViewer Hot Keys Double-Byte LanguagesPort Number AlarmsPower Management Computer NameSimple Users Can Control Power KVM Server Power ControlEnable Power Control through the Serial Interface Power Device LoginEscape Sequences Login Dialog chat styleComments KVM Server KVM Switch Database Model Name Delay Between KeysKVM Model Number of PortsKVM Server Video Mode Database Video ModeWidth Users Local DatabaseRefresh Rate HeightWeb Management interface and the viewers Directory Server Using Ldap Users Remote Servers User Remote AuthenticationAuthentication Server Type Radius Server Enable Radius Accounting Users Radius AccountingUsers Current Status Alarms E-mails Alarms Snmp TrapsAlarms Selection Management Over a Browser NumLock Test Alarm Frozen Keyboard Maintenance Software VersionMaintenance Software Upgrade Maintenance Configuration Save and Restore Maintenance Reboot Apply Settings Restart ServersManagement Over a Browser Standards PowerPackage Contents General