HP Firewall 60

Step		Command	Remarks
10.	Specify the command level of	authorization-attribute level level	No command level is configured
	the local user.	authorization-attribute level level	for the local user.
	the local user.		for the local user.

			By default, the system-predefined
11.	Specify the Telnet service type		user admin can use terminal
11.	Specify the Telnet service type	service-type web	service, Telnet service, SSH
	for the local user.	service-type web	service, and Web service, and no
	for the local user.		service, and Web service, and no
			service type is specified for any
			other local user.

12.	Exit to system view.	quit	N/A

13.	Enter interface view.	interface interface-type	N/A
13.	Enter interface view.	interface-number	N/A
		interface-number

N/A

14.Assign an IP address and subnet mask to the interface.

ip address ip-address{ mask mask-length}

By default, only interface GigabitEthernet 0/0 is assigned an IP address (192.168.0.1/24).

Configuring HTTPS login

The device supports the following HTTPS login modes:

•Simplified mode—To make the device operate in this mode, you only need to enable HTTPS service on the device. The device will use a self-signed certificate (a certificate that is generated and signed by the device itself, rather than a CA) and the default SSL settings. This mode is simple to configure but has potential security risks.

•Secure mode—To make the device operate in this mode, you must enable HTTPS service on the device, specify an SSL server policy for the service, and configure PKI domain-related parameters. This mode is more complicated to configure but provides higher security.

For more information about SSL and PKI, see Network management Configuration Guide and VPN Configuration Guide.

Follow these guidelines when you configure HTTPS login:

•If the HTTPS service and the SSL VPN service use the same port number, they must have the same SSL server policy. Otherwise, only one of the two services can be enabled.

•If the HTTPS service and the SSL VPN service use the same port number and the same SSL server policy, disable the two services before you modify the SSL server policy, and re-enable them after the modification. Otherwise, the SSL server policy does not take effect.

To configure HTTPS login:

Step	Command	Remarks
		Optional.
1. Specify a fixed verification	web captcha	By default, a Web user must enter the
1. Specify a fixed verification	web captcha	verification code indicated on the login page
code for Web login.	verification-code	verification code indicated on the login page
code for Web login.	verification-code	to log in.
		to log in.
		This command is available in user view.

2. Enter system view.	system-view	N/A

	54