HP 200 Unified Threat Management (UTM) Appliance manual Iii


Configuration guidelines ····· 91
Configuration procedure ····· 93
Setting the idle timeout timer in the Web interface ····· 94
Setting the idle timeout timer at the CLI ····· 94
Enabling displaying the copyright statement ····· 95
Configuring banners ····· 95
Banner message input modes ····· 95
Configuration procedure ····· 96
Configuring the maximum number of concurrent users ····· 96
Configuring the exception handling method ····· 97
Rebooting the device ····· 97
Rebooting the firewall in the Web interface ····· 97
Rebooting the firewall at the CLI ····· 98
Scheduling jobs ····· 99
Job configuration approaches ····· 99
Configuration guidelines ····· 99
Scheduled job configuration example ····· 101
Setting the port status detection timer ····· 102
Configuring temperature thresholds for a device or a module ····· 103
Configuring basic temperature thresholds ····· 103
Configuring advanced temperature thresholds ····· 103
Monitoring an NMS-connected interface ····· 104
Clearing unused 16-bit interface indexes ····· 105
Verifying and diagnosing transceiver modules ····· 106
Verifying transceiver modules ····· 106
Diagnosing transceiver modules ····· 106
Displaying and maintaining device management ····· 107

Managing users ····· 110

User levels ····· 110
Configuring a local user in the Web interface ····· 110
Configuration procedure ····· 110
Configuration example ····· 112
Configuring a local user at the CLI ····· 113
Controlling user logins ····· 113
Configuring Telnet login control ····· 113
Telnet login control configuration example ····· 115
Configuring source IP-based SNMP login control ····· 116
SNMP login control configuration example ····· 117
Configuring Web login control ····· 118
Web login control configuration example ····· 119
Displaying online users ····· 120

Using the CLI ····· 121

Command conventions ····· 121
Using the undo form of a command ····· 122
CLI views ····· 122
Entering system view from user view ····· 123
Returning to the upper-level view from any view ····· 123
Returning to user view from any other view ····· 123
Accessing the CLI online help ····· 124
Entering a command ····· 125
Editing a command line ····· 125
Entering a STRING type value for an argument ····· 125
Abbreviating commands ····· 125
