HP 200 Unified Threat Management (UTM) Appliance manual

Page 38

| Step | Command | Remarks |
|---|---|---|
| 3. Enter one or multiple VTY user interface views. | user-interface vty first-number [ last-number ] | N/A |
| 4. Enable scheme authentication. | authentication-mode scheme | Whether local, RADIUS, or HWTACACS authentication is adopted depends on the configured AAA scheme. By default, local authentication is adopted. |
| 5. Enable command authorization. | command authorization | Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. |
| 6. Enable command accounting. | command accounting | Optional. By default, command accounting is disabled. The accounting server does not record the commands executed by users. |
| 7. Exit to system view. | quit | N/A |
| 8. Apply an AAA authentication scheme to the intended domain. | a. Enter ISP domain view: domain domain-name<br>b. Apply an AAA scheme to the domain: authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] \| local \| none \| radius-scheme radius-scheme-name [ local ] }<br>c. Exit to system view: quit | Optional. By default, local authentication is used. For local authentication, configure local user accounts. For RADIUS or HWTACACS authentication, configure the RADIUS or HWTACACS scheme on the device and configure authentication settings (including the username and password) on the server. For more information about AAA configuration, see Access Control Configuration Guide. |
| 9. Create a local user and enter local user view. | local-user user-name | By default, a local user named admin exists. |
| 10. Set a password. | password { cipher \| simple } password | By default, the password for system-predefined user admin is admin, and no password is set for any other local user. |
| 11. Specify the command level of the local user. | authorization-attribute level level | Optional. By default, the command level is 0. |
| 12. Specify Telnet service for the local user. | service-type telnet | By default, the system-predefined user admin can use terminal service, Telnet service, SSH service, and Web service, and no service type is specified for any other local user. |
| 13. Exit to system view. | quit | N/A |
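The Remarks column names several defaults worth checking after this procedure: command authorization and accounting are off, `none` is an accepted authentication scheme, the predefined admin user has the password admin, and other local users have no password. The following audit script is an added example, not part of the HP manual; the function names `parse_views` and `audit` are hypothetical, the sample configuration is constructed, and it assumes each view's commands are indented under the command that opens the view.

```python
# Added example, not from the HP manual. SAMPLE_CONFIG is constructed.
SAMPLE_CONFIG = """\
user-interface vty 0 4
 authentication-mode scheme
domain system
 authentication default none
local-user admin
 password simple admin
 service-type telnet
local-user ops
 service-type telnet
local-user netadmin
 password cipher Example-Passw0rd
"""

def parse_views(text):
    """Pair each top-level command with the indented commands entered in its view."""
    views, body = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("#", "quit"):
            continue
        if raw[0].isspace() and body is not None:
            body.append(line)
        else:
            body = []
            views.append((line, body))
    return views

def audit(text):
    """Return (view, issue) pairs for the defaults named in the Remarks column."""
    findings = []
    for view, cmds in parse_views(text):
        if view.startswith("user-interface vty") and "authentication-mode scheme" in cmds:
            for cmd in ("command authorization", "command accounting"):
                if cmd not in cmds:  # both are disabled by default
                    findings.append((view, f"{cmd} not enabled"))
        elif view.startswith("domain ") and "authentication default none" in cmds:
            findings.append((view, "authentication default none"))
        elif view.startswith("local-user "):
            pw = next((c.split()[1:] for c in cmds if c.startswith("password ")), None)
            if pw is None:  # non-admin local users start with no password
                findings.append((view, "no password set"))
            elif view.split()[1] == "admin" and pw[-1] == "admin":
                findings.append((view, "default admin/admin credentials"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

A password stored in cipher form cannot be compared against the default this way, so the admin check only fires when the value is visible in the text.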

 

 

 

 

 

 
