Manuals / HP / Computer Equipment / Network Hardware

HP 200 Unified Threat Management (UTM) Appliance manual Global-name, Interface interface-type

Models: 200 Unified Threat Management (UTM) Appliance

1 150

Download 150 pages 16.75 Kb

Page 88

Step

Command

Remarks

	• To configure a static NAT mapping:
	a.	nat static local-ip[ vpn-instance
		local-name ] global-ip [ vpn-instance
		global-name ]
	b.	interface interface-type
		interface-number
	c.	nat outbound static
4. Configure NAT.	• To configure dynamic NAT:
	• To configure dynamic NAT:
	d.	interface interface-type
		interface-number
	e.	nat outbound [ acl-number]
		[ address-group group-number
		[ vpn-instancevpn-instance-name ]

[ no-pat ] ] [ track vrrp virtual-router-id]

Optional.

By default, NAT is not configured on an interface.

			• For normal NAT server:
			{ nat server [ Index acl-number ]
			protocol pro-type global
			{ global-address current-interface
			interface interface-type
			interface-number } global-port1
			global-port2 [ vpn-instance
			global-name ] inside local-address1
			local-address2 local-port [ vpn-instance
			local-name ] [ track vrrp
			virtual-router-id ]	Optional.
	5.	Configure the NAT	{ nat server [ Index acl-number ]	Optional.
	5.	Configure the NAT	{ nat server [ Index acl-number ]	Configure none or one of the
		server.	protocol pro-type global	Configure none or one of the
			{ global-address current-interface	commands.
			{ global-address current-interface
			interface interface-type
			interface-number } [ global-port ]
			[ vpn-instance global-name ] inside
			local-address [ local-port ]
			[ vpn-instance local-name ] [ track vrrp
			virtual-router-id ]
			• For ACL-based NAT server:
			nat server protocol pro-typeglobal
			acl-number inside local-address
			[ local-port ] [ vpn-instancelocal-name ]

				Optional.
	6. Assign an IP address to		ip address ip-address { mask-length mask }	By default, GigabitEthernet
	6. Assign an IP address to		ip address ip-address { mask-length mask }	0/0 is assigned the IP
		the interface.	[ sub ]	address 192.168.0.1/24,
				and the other interfaces have
				no IP addresses.

	7. Return to system view.		quit	N/A

	8.	Enter security zone	zone name zone-name [ id zone-id ]	N/A
		view.	zone name zone-name [ id zone-id ]	N/A
		view.

			82

Image 88

HP 200 Unified Threat Management (UTM) Appliance Global-name, Interface interface-type, Zone name zone-name id zone-id

Contents

HP Firewalls and UTM Devices Page Contents Page Iii Page Overview F1000-A-EI/F1000-S-EIOverview Appearance F1000-E Front view F5000 Aspf Firewall modules Firewall module for 5800 switches Enhanced firewall modules UTM products U200-A U200-A front view Application scenarios F1000-A-EI/F1000-S-EIU200-S Firewall application Virtual firewall application VPN application F1000-E F5000 Firewall modules Enhanced firewall modules Clound computing data center application Remote access application Enterprise network applicatoin UTM Network diagram Login overview Login methods at a glanceLogin methods Login method Default setting and configuration requirements CLI login method and user interface matrix User interface Login methodCLI user interfaces User interface assignmentPage Default console port properties Parameter DefaultLogging in to the CLI Logging in through the console port for the first time Connection description Configuring console login control settings Setting the properties of the serial port Configuring none authentication for console login Authentication Configuration tasks Reference ModeCommand Remarks Last-number Configuring password authentication for console login Configuring scheme authentication for console login Configuration Guide PasswordDomain domain-name Hwtacacs-scheme-name Configuring common console user interface settings optional Speed speed-value Telnet login Logging in through Telnet Telnet server and Telnet client configuration requirements Device role Requirements Configuring none authentication for Telnet login Configuring password authentication for Telnet login Telnetting to the device without authentication Configuring scheme authentication for Telnet login Password authentication interface for Telnet login User only depend on the user Configuring common VTY user interface settings optional Step Command Remarks Using the device to log in to a Telnet server CommandCharacter Value Logging in through SSH To use the device to log in to a Telnet server Configuring the SSH server on the device SSH server and client requirements Ldap-scheme-name Local login through the AUX port Using the device to log in to an SSH serverStarted Command Reference Ssh2 server Hardware Feature compatible AUX login diagram Configuring none authentication for AUX login Configuring password authentication for AUX login Configuring scheme authentication for AUX login Password authentication interface for AUX login Apply the specified AAA Configuring common settings for AUX login optional Ip alias ip-address port-number Display type of both the device Login procedure Default AUX port properties Connecting the AUX port to a terminal Power on the device and press Enter at the prompt Displaying and maintaining CLI login Task Command RemarksInclude regular-expression Regular-expression Send all num1 aux console Available in user view Vty num2 Logging in by using the default Web login settings Configuration guidelinesLogging in to the Web interface Adding a Web login account Configuring Web login Configuring Http login Basic Web login configuration requirementsObject Requirements Web captcha verification-code Interface interface-type Interface-number Configuring Https loginVerification-code VPN Configuration Guide Policy-name Https Mask mask-length Displaying and maintaining Web login Http login configuration exampleConfiguration procedure Network requirements Https login configuration example # Associate the Https service with SSL server policy myssl # Enable the Https serviceConfigure the host Https client # Create RSA local key pairs Troubleshooting Web browser Failure to access the device through the Web interfaceSymptom Configuring the Internet Explorer settings Internet Explorer setting Configuring Firefox Web browser settings Click OK in the Security Settings dialog box Firefox Web browser setting Accessing the device through Snmp Configuring Snmp accessConfiguring SNMPv3 access Prerequisites Configuring SNMPv1 or SNMPv2c access Ipv6 ipv6-acl-number See Getting Started Command ReferencePriv-password acl acl-number acl ipv6 ipv6-acl-number Notify-view acl acl-number acl Snmp login example StepCommand Remarks# Enable the Snmp agent # Configure an Snmp groupPage Logging in to the firewall module from the network device Feature and hardware compatibilityLogging in to the firewall module from the network device Resetting the system of the firewall module Configuring the Acsei protocol Acsei timers Configuring Acsei server on the network deviceAcsei starts up and runs in the following procedures Acsei startup and running Configuring Acsei client on the firewall module Displaying and maintaining Acsei server and clientNetwork requirements Client-id Configuration procedure # Set the clock synchronization timer to 10 minutes# Set the monitoring timer to 10 seconds # Log in to the firewall modulePage Performing basic configuration in the Web interface Basic configurationOverview Basic configuration wizard-1/6 Click Next For basic configuration appears Basic configuration wizard-2/6 basic information Click Next For configuring service management appears Basic configuration wizard-3/6 service management Another service Assign IP addresses to the interfaces Click Next For configuring NAT appears Configuration itemsConfigure the parameters as described in Table IP/Wildcard Performing basic configuration at the CLI Basic configuration wizard-6/6 Global-name Interface interface-typeIp address ip-address mask-length mask Zone name zone-name id zone-id Configuration Configuring the device name in the Web interface Configuring the device name at the CLIManaging the device Hardware Supported storage medium Configuring the system time Configuring the system time in the Web interfaceDisplaying the current system time Configuring the network time Calendar Configuring the time zone and daylight saving time Source Interface Date and time configuration example This example, Device a is the firewall Configuring the local clock as the reference clock Configuring the system time at the CLI Configuration guidelines System time configuration results Date-timeZone-offset Date-time ± zone-offset Zone-offset + To change the system time Date-time ± zone-offset +Summer-offset Both date-time Setting the idle timeout timer at the CLI Setting the idle timeout timer in the Web interfaceTo set the idle timeout timer Configuring banners To enable displaying the copyright statementEnabling displaying the copyright statement Banner message input modes Configuring the maximum number of concurrent users To configure banners Rebooting the device Configuring the exception handling methodRebooting the firewall in the Web interface Rebooting devices immediately at the CLI Rebooting the firewall at the CLIScheduling a device reboot Scheduling jobs Job configuration approachesComparison of non-modular and modular approaches Scheduling a job in the non-modular approach Scheduling a job in the modular approachJob job-name View view-name Time time-id at time date command command Scheduled job configuration example# Create a job named pc1, and enter its view Setting the port status detection timer # Create a job named pc2, and enter its view# Create a job named pc3, and enter its view # Display information about scheduled jobs Configuring temperature thresholds for a device or a module Configuring basic temperature thresholdsConfiguring advanced temperature thresholds To set the port status detection timer Monitoring an NMS-connected interface Clearing unused 16-bit interface indexes Verifying and diagnosing transceiver modules Verifying transceiver modulesDiagnosing transceiver modules Interface-number begin Displaying and maintaining device management Command ReferenceSee Getting Started Task Command Remarks Task Command Remarks Managing users Configuring a local user in the Web interfaceUser levels Configure a local user, as described in Table Click Apply Click Add Service type feature and hardware compatibility Configuration exampleItem Description Controlling user logins Configuring a local user at the CLIConfiguring Telnet login control Configuring source IP-based Telnet login control Source sour-addr sour-wildcardVpn-instancevpn-instance-name Ipv6-address prefix-length Configuring source MAC-based Telnet login control Telnet login control configuration exampleRule-string Configuring source IP-based Snmp login control Getting Started Snmp login control configuration example Ipv6 ipv6-acl-numberRead-view write-viewwrite-view Group-name acl acl-number acl ipv6 Configuring Web login control Configuring source IP-based Web login control Web login control configuration example Logging off online Web usersSource sour-addr sour-wildcard N/A any time-range User-id user-nameuser-name Displaying online users Field Description Using the CLI Command conventionsCommand conventions Convention Description Using the undo form of a command CLI views Task Command Entering system view from user viewReturning to the upper-level view from any view Returning to user view from any other view Accessing the CLI online help Entering a command Editing a command lineAbbreviating commands Command line editing keys Configuring and using command keyword aliases Configuring and using hotkeysTo configure a command keyword alias Usage guidelines System-reserved hotkeys Enabling redisplaying entered-but-not-submitted commandsHotkey Function Understanding command-line error messages Using the command history functionCommon command-line error messages Error message Cause Viewing history commands Setting the command history buffer size for user interfacesPausing between screens of output Controlling the CLI output Special characters supported in a regular expression Filtering the output from a display commandCharacter Meaning Examples Contain stringstring. string1string2\2 repeats String1string2string2. string1string2\1\2String1string2string1string2 Matches character1character2 Configuring user privilege and command levels A being character2, but does not match 2a Command levels and user privilege levels Configuring a user privilege levelLevel Privilege Default set of commands Management and Maintenance Last-num1 vty first-num2 Last-num2 By default, the user privilege level Switching the user privilege level Authentication mode Keywords Description Privilege level switching authentication modesInformation, see Access Control Configuration Guide Switching to a higher user privilege level Information required for user privilege level switching Saving the running configuration Changing the level of a commandTo change the level of a command View command Contacting HP Support and other resourcesRelated information Command conventions SymbolsConventions GUI conventions Network topology icons Port numbering in examples Index 144