HP 200 Unified Threat Management (UTM) Appliance manual Domain domain-name, Hwtacacs-scheme-name


Step / Command / Remarks

3. Enable scheme authentication.
   Command: authentication-mode scheme
   Remarks: Whether local, RADIUS, or HWTACACS authentication is adopted depends on the configured AAA scheme. By default, console login users are not authenticated.

4. Enable command authorization.
   Command: command authorization
   Remarks: Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level.

5. Enable command accounting.
   Command: command accounting
   Remarks: Optional. By default, command accounting is disabled. The accounting server does not record the commands executed by users.

6. Exit to system view.
   Command: quit
   Remarks: N/A

7. Apply an AAA authentication scheme to the intended domain.
   Command:
     a. Enter ISP domain view:
        domain domain-name
     b. Apply an AAA scheme to the domain:
        authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
     c. Exit to system view:
        quit
   Remarks: Optional. By default, local authentication is used. For local authentication, configure local user accounts. For RADIUS or HWTACACS authentication, configure the RADIUS or HWTACACS scheme on the device and configure authentication settings (including the username and password) on the server. For more information about AAA configuration, see Access Control Configuration Guide.

8. Create a local user and enter local user view.
   Command: local-user user-name
   Remarks: By default, a local user named admin exists.

9. Set an authentication password for the local user.
   Command: password { cipher | simple } password
   Remarks: By default, the password for system-predefined user admin is admin, and no password is set for any other local user.

10. Specify the command level of the local user.
    Command: authorization-attribute level level
    Remarks: Optional. By default, the command level is 0.

11. Specify terminal service for the local user.
    Command: service-type terminal
    Remarks: By default, the system-predefined user admin can use terminal service, Telnet service, SSH service, and Web service, and no service type is specified for any other local user.

12. Configure common settings for console login.
    Command: See "Configuring common console user interface settings (optional)."
    Remarks: Optional.
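An added example, not taken from the HP manual: a Python check that reads a saved configuration and reports where the console-login settings in the steps above are still at the defaults the Remarks describe. The configuration text is constructed, and the "user-interface console 0" and "domain system" view headers and the indented layout are assumptions.

```python
# Constructed sample; the "user-interface console 0" and "domain system" headers are assumed.
SAMPLE = """\
domain system
 authentication default none
user-interface console 0
 authentication-mode scheme
 command authorization
local-user admin
 password simple admin
 service-type terminal
local-user ops
 service-type terminal
"""

def sections(text):
    """Group indented lines under the unindented view header above them."""
    out = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            out.append((raw.strip(), []))
        elif out:
            out[-1][1].append(" ".join(raw.split()))
    return out

def audit(text):
    """Return (view, finding) pairs for the console-login steps 3 to 11."""
    found = []
    for view, body in sections(text):
        words = view.split()
        if words[0] == "user-interface" and words[1:2] in (["console"], ["con"]):
            for cmd in ("authentication-mode scheme", "command authorization",
                        "command accounting"):
                if cmd not in body:
                    found.append((view, f"'{cmd}' not configured"))
        elif words[0] == "domain" and "authentication default none" in body:
            found.append((view, "AAA scheme is none: logins are not authenticated"))
        elif words[0] == "local-user":
            terminal = any(l.startswith("service-type ") and "terminal" in l.split() for l in body)
            pw = [l.split() for l in body if l.startswith("password ")]
            if terminal and not pw:
                found.append((view, "terminal service allowed but no password set"))
            for p in pw:
                if p[1] == "simple":
                    found.append((view, "password stored in plaintext (simple)"))
                if words[-1] == "admin" and p[1:] == ["simple", "admin"]:
                    found.append((view, "default admin password still in use"))
    return found
```

Calling audit(SAMPLE) returns five findings for the constructed configuration; a configuration that follows every step with a cipher password returns an empty list.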

 
