Manuals / HP / Computer Equipment / Network Hardware

HP 200 Unified Threat Management (UTM) Appliance manual Snmp login control configuration example

Models: 200 Unified Threat Management (UTM) Appliance

1 150

Download 150 pages 16.75 Kb

Page 123

Step

Command

Remarks

3.Configure an ACL rule.

rule [ rule-id] { deny permit } [ counting fragment logging source { sour-addr

sour-wildcard any } time-rangeN/A time-range-name vpn-instance

vpn-instance-name ] *

4. Exit the basic ACL view.	quit	N/A

	• SNMPv1/v2c community:
	snmp-agent community { read write }
	community-name [ mib-viewview-name ] [ acl
	acl-number acl ipv6 ipv6-acl-number ] *

•	SNMPv1/v2c group:
	snmp-agent group { v1 v2c } group-name
	[ read-view read-view] [ write-view write-view]
	[ notify-view notify-view] [ acl acl-number acl
	ipv6 ipv6-acl-number ] *
•	SNMPv3 group:
5. Apply the ACL to an	snmp-agent group v3 group-name
5. Apply the ACL to an	[ authentication privacy ] [ read-view
SNMP community, group,	read-view ] [ write-viewwrite-view ]
or user.	[ notify-view notify-view] [ acl acl-number acl
	ipv6 ipv6-acl-number ] *
•	SNMPv1/v2c user:
	snmp-agent usm-user { v1 v2c } user-name
	group-name [ acl acl-number acl ipv6
	ipv6-acl-number ] *
•	SNMPv3 user:
	snmp-agent usm-user v3 user-name
	group-name[ [ cipher ] authentication-mode
	{ md5 sha } auth-password[ privacy-mode
	{ 3des aes128 des56 } priv-password] ] [ acl
	acl-number acl ipv6 ipv6-acl-number ] *

For more information about SNMP, see System Management and Maintenance Configuration Guide.

NOTE:

Support for the ipv6 ipv6-acl-numberoption depends on the device model. For more information, see Getting Started Command Reference.

SNMP login control configuration example

Network requirements

Configure the firewall in Figure 79 to allow Host A and Host B to access the firewall through SNMP.

117

Image 123

HP 200 Unified Threat Management (UTM) Appliance manual Snmp login control configuration example, Ipv6 ipv6-acl-number

Contents

HP Firewalls and UTM Devices Page Contents Page Iii Page Appearance OverviewF1000-A-EI/F1000-S-EI Overview Front view F1000-E F5000 Aspf Firewall modules Enhanced firewall modules Firewall module for 5800 switches UTM products U200-A front view U200-A Firewall application Application scenariosF1000-A-EI/F1000-S-EI U200-S VPN application Virtual firewall application F1000-E Firewall modules F5000 Clound computing data center application Enhanced firewall modules Enterprise network applicatoin Remote access application UTM Network diagram Login method Default setting and configuration requirements Login overviewLogin methods at a glance Login methods User interface assignment CLI login method and user interface matrixUser interface Login method CLI user interfacesPage Logging in through the console port for the first time Default console port propertiesParameter Default Logging in to the CLI Connection description Setting the properties of the serial port Configuring console login control settings Last-number Configuring none authentication for console loginAuthentication Configuration tasks Reference Mode Command Remarks Configuring scheme authentication for console login Configuring password authentication for console login Hwtacacs-scheme-name Configuration GuidePassword Domain domain-name Speed speed-value Configuring common console user interface settings optional Logging in through Telnet Telnet login Device role Requirements Telnet server and Telnet client configuration requirements Configuring none authentication for Telnet login Telnetting to the device without authentication Configuring password authentication for Telnet login Password authentication interface for Telnet login Configuring scheme authentication for Telnet login User only depend on the user Step Command Remarks Configuring common VTY user interface settings optional Value Using the device to log in to a Telnet serverCommand Character To use the device to log in to a Telnet server Logging in through SSH SSH server and client requirements Configuring the SSH server on the device Ldap-scheme-name Ssh2 server Local login through the AUX portUsing the device to log in to an SSH server Started Command Reference AUX login diagram Hardware Feature compatible Configuring none authentication for AUX login Configuring password authentication for AUX login Password authentication interface for AUX login Configuring scheme authentication for AUX login Apply the specified AAA Ip alias ip-address port-number Configuring common settings for AUX login optional Display type of both the device Default AUX port properties Login procedure Connecting the AUX port to a terminal Power on the device and press Enter at the prompt Regular-expression Displaying and maintaining CLI loginTask Command Remarks Include regular-expression Send all num1 aux console Available in user view Vty num2 Configuration guidelines Logging in by using the default Web login settingsLogging in to the Web interface Configuring Web login Adding a Web login account Web captcha verification-code Configuring Http loginBasic Web login configuration requirements Object Requirements Configuring Https login Interface interface-type Interface-numberVerification-code Policy-name VPN Configuration Guide Mask mask-length Https Network requirements Displaying and maintaining Web loginHttp login configuration example Configuration procedure Https login configuration example # Create RSA local key pairs # Associate the Https service with SSL server policy myssl# Enable the Https service Configure the host Https client Configuring the Internet Explorer settings Troubleshooting Web browserFailure to access the device through the Web interface Symptom Internet Explorer setting Click OK in the Security Settings dialog box Configuring Firefox Web browser settings Firefox Web browser setting Prerequisites Accessing the device through SnmpConfiguring Snmp access Configuring SNMPv3 access Notify-view acl acl-number acl Configuring SNMPv1 or SNMPv2c accessIpv6 ipv6-acl-number See Getting Started Command Reference Priv-password acl acl-number acl ipv6 ipv6-acl-number # Configure an Snmp group Snmp login exampleStepCommand Remarks # Enable the Snmp agentPage Feature and hardware compatibility Logging in to the firewall module from the network deviceLogging in to the firewall module from the network device Configuring the Acsei protocol Resetting the system of the firewall module Acsei startup and running Acsei timersConfiguring Acsei server on the network device Acsei starts up and runs in the following procedures Client-id Configuring Acsei client on the firewall moduleDisplaying and maintaining Acsei server and client Network requirements # Log in to the firewall module Configuration procedure# Set the clock synchronization timer to 10 minutes # Set the monitoring timer to 10 secondsPage Basic configuration Performing basic configuration in the Web interfaceOverview Click Next For basic configuration appears Basic configuration wizard-1/6 Click Next For configuring service management appears Basic configuration wizard-2/6 basic information Basic configuration wizard-3/6 service management Assign IP addresses to the interfaces Another service Configuration items Click Next For configuring NAT appearsConfigure the parameters as described in Table IP/Wildcard Basic configuration wizard-6/6 Performing basic configuration at the CLI Zone name zone-name id zone-id Global-nameInterface interface-type Ip address ip-address mask-length mask Configuration Hardware Supported storage medium Configuring the device name in the Web interfaceConfiguring the device name at the CLI Managing the device Configuring the system time in the Web interface Configuring the system timeDisplaying the current system time Calendar Configuring the network time Source Interface Configuring the time zone and daylight saving time This example, Device a is the firewall Date and time configuration example Configuring the local clock as the reference clock Configuration guidelines Configuring the system time at the CLI Date-time ± zone-offset System time configuration resultsDate-time Zone-offset Zone-offset + Both date-time To change the system timeDate-time ± zone-offset + Summer-offset Setting the idle timeout timer in the Web interface Setting the idle timeout timer at the CLITo set the idle timeout timer Banner message input modes Configuring bannersTo enable displaying the copyright statement Enabling displaying the copyright statement To configure banners Configuring the maximum number of concurrent users Configuring the exception handling method Rebooting the deviceRebooting the firewall in the Web interface Rebooting the firewall at the CLI Rebooting devices immediately at the CLIScheduling a device reboot Job configuration approaches Scheduling jobsComparison of non-modular and modular approaches View view-name Scheduling a job in the non-modular approachScheduling a job in the modular approach Job job-name Scheduled job configuration example Time time-id at time date command command# Create a job named pc1, and enter its view # Display information about scheduled jobs Setting the port status detection timer# Create a job named pc2, and enter its view # Create a job named pc3, and enter its view To set the port status detection timer Configuring temperature thresholds for a device or a moduleConfiguring basic temperature thresholds Configuring advanced temperature thresholds Monitoring an NMS-connected interface Clearing unused 16-bit interface indexes Interface-number begin Verifying and diagnosing transceiver modulesVerifying transceiver modules Diagnosing transceiver modules Command Reference Displaying and maintaining device managementSee Getting Started Task Command Remarks Task Command Remarks Configuring a local user in the Web interface Managing usersUser levels Click Add Configure a local user, as described in Table Click Apply Configuration example Service type feature and hardware compatibilityItem Description Configuring a local user at the CLI Controlling user loginsConfiguring Telnet login control Ipv6-address prefix-length Configuring source IP-based Telnet login controlSource sour-addr sour-wildcard Vpn-instancevpn-instance-name Telnet login control configuration example Configuring source MAC-based Telnet login controlRule-string Getting Started Configuring source IP-based Snmp login control Group-name acl acl-number acl ipv6 Snmp login control configuration exampleIpv6 ipv6-acl-number Read-view write-viewwrite-view Configuring source IP-based Web login control Configuring Web login control User-id user-nameuser-name Web login control configuration exampleLogging off online Web users Source sour-addr sour-wildcard N/A any time-range Field Description Displaying online users Convention Description Using the CLICommand conventions Command conventions CLI views Using the undo form of a command Returning to user view from any other view Task CommandEntering system view from user view Returning to the upper-level view from any view Accessing the CLI online help Command line editing keys Entering a commandEditing a command line Abbreviating commands Usage guidelines Configuring and using command keyword aliasesConfiguring and using hotkeys To configure a command keyword alias Enabling redisplaying entered-but-not-submitted commands System-reserved hotkeysHotkey Function Error message Cause Understanding command-line error messagesUsing the command history function Common command-line error messages Controlling the CLI output Viewing history commandsSetting the command history buffer size for user interfaces Pausing between screens of output Filtering the output from a display command Special characters supported in a regular expressionCharacter Meaning Examples Matches character1character2 Contain stringstring. string1string2\2 repeatsString1string2string2. string1string2\1\2 String1string2string1string2 A being character2, but does not match 2a Configuring user privilege and command levels Configuring a user privilege level Command levels and user privilege levelsLevel Privilege Default set of commands Last-num1 vty first-num2 Last-num2 Management and Maintenance By default, the user privilege level Switching the user privilege level Privilege level switching authentication modes Authentication mode Keywords DescriptionInformation, see Access Control Configuration Guide Information required for user privilege level switching Switching to a higher user privilege level View command Saving the running configurationChanging the level of a command To change the level of a command Support and other resources Contacting HPRelated information GUI conventions Command conventionsSymbols Conventions Port numbering in examples Network topology icons Index 144