HP 200 Unified Threat Management (UTM) Appliance manual Snmp login control configuration example


Step 3. Configure an ACL rule.
  Command: rule [ rule-id ] { deny | permit } [ counting | fragment | logging | source { sour-addr sour-wildcard | any } | time-range time-range-name | vpn-instance vpn-instance-name ] *
  Remarks: N/A

Step 4. Exit the basic ACL view.
  Command: quit
  Remarks: N/A

Step 5. Apply the ACL to an SNMP community, group, or user.
  Command:
    SNMPv1/v2c community:
      snmp-agent community { read | write } community-name [ mib-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *
    SNMPv1/v2c group:
      snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *
    SNMPv3 group:
      snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *
    SNMPv1/v2c user:
      snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number | acl ipv6 ipv6-acl-number ] *
    SNMPv3 user:
      snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 | sha } auth-password [ privacy-mode { 3des | aes128 | des56 } priv-password ] ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *
  Remarks: For more information about SNMP, see System Management and Maintenance Configuration Guide.

NOTE:

Support for the ipv6 ipv6-acl-number option depends on the device model. For more information, see Getting Started Command Reference.

SNMP login control configuration example

Network requirements

Configure the firewall in Figure 79 to allow Host A and Host B to access the firewall through SNMP.
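An added example (not from the HP manual) for checking a basic ACL before it is applied to SNMP: it parses the source-based subset of the step 3 rule syntax, with explicit rule IDs, and reports probe addresses that would be permitted although they are not intended SNMP managers. The Host A and Host B addresses are constructed placeholders, since Figure 79 is not reproduced here; matching in ascending rule-ID order and denying when no rule matches are assumptions about how the device evaluates the ACL.

```python
import ipaddress
import re

# Source-based subset of the step 3 syntax, with an explicit rule ID:
#   rule rule-id { deny | permit } [ source { sour-addr sour-wildcard | any } ]
RULE_RE = re.compile(
    r"^rule\s+(?P<id>\d+)\s+(?P<action>deny|permit)"
    r"(?:\s+source\s+(?:any|(?P<addr>\S+)\s+(?P<wild>\S+)))?$"
)

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_acl(lines):
    """Return [(rule_id, action, addr, wildcard)] sorted by rule ID."""
    rules = []
    for line in lines:
        m = RULE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unsupported rule: {line!r}")
        if m["addr"] is None:              # "source any" or no source clause
            addr, wild = 0, 0xFFFFFFFF
        else:                              # a wildcard of 0 means a single host
            addr = _to_int(m["addr"])
            wild = 0 if m["wild"] == "0" else _to_int(m["wild"])
        rules.append((int(m["id"]), m["action"], addr, wild))
    return sorted(rules)

def evaluate(rules, source_ip):
    """First match wins; wildcard 1-bits are ignored; no match is deny (assumption)."""
    ip = _to_int(source_ip)
    for _rule_id, action, addr, wild in rules:
        if ((ip ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "deny"

def unexpected_permits(lines, managers, probes):
    """Probe addresses the ACL permits although they are not SNMP managers."""
    rules = parse_acl(lines)
    return [p for p in probes if p not in managers and evaluate(rules, p) == "permit"]

# Constructed data: Host A / Host B addresses are placeholders, not from the manual.
MANAGERS = {"192.0.2.52", "192.0.2.46"}
PROBES = ["192.0.2.52", "192.0.2.46", "192.0.2.99", "198.51.100.7"]
TIGHT = ["rule 1 permit source 192.0.2.52 0", "rule 2 permit source 192.0.2.46 0"]
LOOSE = ["rule 1 permit source 192.0.2.52 0", "rule 2 permit source 192.0.2.46 0.0.0.255"]

if __name__ == "__main__":
    print(unexpected_permits(TIGHT, MANAGERS, PROBES), unexpected_permits(LOOSE, MANAGERS, PROBES))
```

The LOOSE list shows the usual wildcard mistake: 0.0.0.255 on rule 2 opens SNMP to the whole /24 rather than to Host B alone.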
