Manuals / HP / Computer Equipment / Network Hardware

HP 200 Unified Threat Management (UTM) Appliance Configuring source IP-based Snmp login control

Models: 200 Unified Threat Management (UTM) Appliance

1 150

Download 150 pages 16.75 Kb

Page 122

Figure 78 Network diagram

Host A

10.110.100.46

Host B

10.110.100.52

IP network

Firewall

Configuration procedure

#Configure basic ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit packets sourced from Host A.

<Firewall> system-view

[Firewall] acl number 2000 match-order config [Firewall-acl-basic-2000] rule 1 permit source 10.110.100.52 0

[Firewall-acl-basic-2000] rule 2 permit source 10.110.100.46 0

[Firewall-acl-basic-2000] quit

#Reference ACL 2000 on user interfaces VTY 0 through VTY 4 so only Host A and Host B can Telnet to the firewall.

[Firewall] user-interface vty 0 4 [Firewall-ui-vty0-4] acl 2000 inbound

Configuring source IP-based SNMP login control

Use a basic ACL (2000 to 2999) to control SNMP logins by source IP address. To access the requested MIB view, an NMS must use a source IP address permitted by the ACL.

To configure source IP-based SNMP login control:

Step	Command	Remarks
1. Enter system view.	system-view	N/A

		By default, no basic
		ACL exists.
2. Create a basic ACL and		NOTE:
enter its view, or enter the	acl [ ipv6 ] number acl-number[ name name ]	Support for the ipv6
view of an existing basic	[ match-order { config auto } ]	keyword depends on
ACL.		the device model. For
		more information, see
		Getting Started
		Command Reference.

116

Image 122

HP 200 Unified Threat Management (UTM) Appliance manual Configuring source IP-based Snmp login control, Getting Started

Contents

HP Firewalls and UTM Devices Page Contents Page Iii Page Overview OverviewF1000-A-EI/F1000-S-EI Appearance F1000-E Front view F5000 Aspf Firewall modules Firewall module for 5800 switches Enhanced firewall modules UTM products U200-A U200-A front view U200-S Application scenariosF1000-A-EI/F1000-S-EI Firewall application Virtual firewall application VPN application F1000-E F5000 Firewall modules Enhanced firewall modules Clound computing data center application Remote access application Enterprise network applicatoin UTM Network diagram Login methods Login overviewLogin methods at a glance Login method Default setting and configuration requirements CLI user interfaces CLI login method and user interface matrixUser interface Login method User interface assignmentPage Logging in to the CLI Default console port propertiesParameter Default Logging in through the console port for the first time Connection description Configuring console login control settings Setting the properties of the serial port Command Remarks Configuring none authentication for console loginAuthentication Configuration tasks Reference Mode Last-number Configuring password authentication for console login Configuring scheme authentication for console login Domain domain-name Configuration GuidePassword Hwtacacs-scheme-name Configuring common console user interface settings optional Speed speed-value Telnet login Logging in through Telnet Telnet server and Telnet client configuration requirements Device role Requirements Configuring none authentication for Telnet login Configuring password authentication for Telnet login Telnetting to the device without authentication Configuring scheme authentication for Telnet login Password authentication interface for Telnet login User only depend on the user Configuring common VTY user interface settings optional Step Command Remarks Character Using the device to log in to a Telnet serverCommand Value Logging in through SSH To use the device to log in to a Telnet server Configuring the SSH server on the device SSH server and client requirements Ldap-scheme-name Started Command Reference Local login through the AUX portUsing the device to log in to an SSH server Ssh2 server Hardware Feature compatible AUX login diagram Configuring none authentication for AUX login Configuring password authentication for AUX login Configuring scheme authentication for AUX login Password authentication interface for AUX login Apply the specified AAA Configuring common settings for AUX login optional Ip alias ip-address port-number Display type of both the device Login procedure Default AUX port properties Connecting the AUX port to a terminal Power on the device and press Enter at the prompt Include regular-expression Displaying and maintaining CLI loginTask Command Remarks Regular-expression Send all num1 aux console Available in user view Vty num2 Logging in to the Web interface Configuration guidelinesLogging in by using the default Web login settings Adding a Web login account Configuring Web login Object Requirements Configuring Http loginBasic Web login configuration requirements Web captcha verification-code Verification-code Configuring Https loginInterface interface-type Interface-number VPN Configuration Guide Policy-name Https Mask mask-length Configuration procedure Displaying and maintaining Web loginHttp login configuration example Network requirements Https login configuration example Configure the host Https client # Associate the Https service with SSL server policy myssl# Enable the Https service # Create RSA local key pairs Symptom Troubleshooting Web browserFailure to access the device through the Web interface Configuring the Internet Explorer settings Internet Explorer setting Configuring Firefox Web browser settings Click OK in the Security Settings dialog box Firefox Web browser setting Configuring SNMPv3 access Accessing the device through SnmpConfiguring Snmp access Prerequisites Priv-password acl acl-number acl ipv6 ipv6-acl-number Configuring SNMPv1 or SNMPv2c accessIpv6 ipv6-acl-number See Getting Started Command Reference Notify-view acl acl-number acl # Enable the Snmp agent Snmp login exampleStepCommand Remarks # Configure an Snmp groupPage Logging in to the firewall module from the network device Feature and hardware compatibilityLogging in to the firewall module from the network device Resetting the system of the firewall module Configuring the Acsei protocol Acsei starts up and runs in the following procedures Acsei timersConfiguring Acsei server on the network device Acsei startup and running Network requirements Configuring Acsei client on the firewall moduleDisplaying and maintaining Acsei server and client Client-id # Set the monitoring timer to 10 seconds Configuration procedure# Set the clock synchronization timer to 10 minutes # Log in to the firewall modulePage Overview Basic configurationPerforming basic configuration in the Web interface Basic configuration wizard-1/6 Click Next For basic configuration appears Basic configuration wizard-2/6 basic information Click Next For configuring service management appears Basic configuration wizard-3/6 service management Another service Assign IP addresses to the interfaces Configure the parameters as described in Table Configuration itemsClick Next For configuring NAT appears IP/Wildcard Performing basic configuration at the CLI Basic configuration wizard-6/6 Ip address ip-address mask-length mask Global-nameInterface interface-type Zone name zone-name id zone-id Configuration Managing the device Configuring the device name in the Web interfaceConfiguring the device name at the CLI Hardware Supported storage medium Displaying the current system time Configuring the system time in the Web interfaceConfiguring the system time Configuring the network time Calendar Configuring the time zone and daylight saving time Source Interface Date and time configuration example This example, Device a is the firewall Configuring the local clock as the reference clock Configuring the system time at the CLI Configuration guidelines Zone-offset System time configuration resultsDate-time Date-time ± zone-offset Zone-offset + Summer-offset To change the system timeDate-time ± zone-offset + Both date-time To set the idle timeout timer Setting the idle timeout timer in the Web interfaceSetting the idle timeout timer at the CLI Enabling displaying the copyright statement Configuring bannersTo enable displaying the copyright statement Banner message input modes Configuring the maximum number of concurrent users To configure banners Rebooting the firewall in the Web interface Configuring the exception handling methodRebooting the device Scheduling a device reboot Rebooting the firewall at the CLIRebooting devices immediately at the CLI Comparison of non-modular and modular approaches Job configuration approachesScheduling jobs Job job-name Scheduling a job in the non-modular approachScheduling a job in the modular approach View view-name # Create a job named pc1, and enter its view Scheduled job configuration exampleTime time-id at time date command command # Create a job named pc3, and enter its view Setting the port status detection timer# Create a job named pc2, and enter its view # Display information about scheduled jobs Configuring advanced temperature thresholds Configuring temperature thresholds for a device or a moduleConfiguring basic temperature thresholds To set the port status detection timer Monitoring an NMS-connected interface Clearing unused 16-bit interface indexes Diagnosing transceiver modules Verifying and diagnosing transceiver modulesVerifying transceiver modules Interface-number begin See Getting Started Command ReferenceDisplaying and maintaining device management Task Command Remarks Task Command Remarks User levels Configuring a local user in the Web interfaceManaging users Configure a local user, as described in Table Click Apply Click Add Item Description Configuration exampleService type feature and hardware compatibility Configuring Telnet login control Configuring a local user at the CLIControlling user logins Vpn-instancevpn-instance-name Configuring source IP-based Telnet login controlSource sour-addr sour-wildcard Ipv6-address prefix-length Rule-string Telnet login control configuration exampleConfiguring source MAC-based Telnet login control Configuring source IP-based Snmp login control Getting Started Read-view write-viewwrite-view Snmp login control configuration exampleIpv6 ipv6-acl-number Group-name acl acl-number acl ipv6 Configuring Web login control Configuring source IP-based Web login control Source sour-addr sour-wildcard N/A any time-range Web login control configuration exampleLogging off online Web users User-id user-nameuser-name Displaying online users Field Description Command conventions Using the CLICommand conventions Convention Description Using the undo form of a command CLI views Returning to the upper-level view from any view Task CommandEntering system view from user view Returning to user view from any other view Accessing the CLI online help Abbreviating commands Entering a commandEditing a command line Command line editing keys To configure a command keyword alias Configuring and using command keyword aliasesConfiguring and using hotkeys Usage guidelines Hotkey Function Enabling redisplaying entered-but-not-submitted commandsSystem-reserved hotkeys Common command-line error messages Understanding command-line error messagesUsing the command history function Error message Cause Pausing between screens of output Viewing history commandsSetting the command history buffer size for user interfaces Controlling the CLI output Character Meaning Examples Filtering the output from a display commandSpecial characters supported in a regular expression String1string2string1string2 Contain stringstring. string1string2\2 repeatsString1string2string2. string1string2\1\2 Matches character1character2 Configuring user privilege and command levels A being character2, but does not match 2a Level Privilege Default set of commands Configuring a user privilege levelCommand levels and user privilege levels Management and Maintenance Last-num1 vty first-num2 Last-num2 By default, the user privilege level Switching the user privilege level Information, see Access Control Configuration Guide Privilege level switching authentication modesAuthentication mode Keywords Description Switching to a higher user privilege level Information required for user privilege level switching To change the level of a command Saving the running configurationChanging the level of a command View command Related information Support and other resourcesContacting HP Conventions Command conventionsSymbols GUI conventions Network topology icons Port numbering in examples Index 144