Manualshelf

Access Security Guide K/KA/KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch
421422423424425426427428429430
If it is necessary to use the WebAgent and your browser access is through a web proxy server,
perform these steps:
1. Enter the web proxy server’s MAC address in the port’s Authorized Addresses list.
2. Enter the web proxy server’s IP address in the switch’s IP Authorized Managers list.
You must perform both of these steps or the switch only detects the proxy server’s MAC address
and IP address instead of your workstation addresses, and your connection is considered
unauthorized.
Operating Notes
Network Security Precautions
You can enhance your network’s security by keeping physical access to the switch restricted
to authorized personnel, using the password features built into the switch, using the additional
security features described in this manual, and preventing unauthorized access to data on your
management stations.
Modem and Direct Console Access
Configuring authorized IP managers does not protect against access to the switch through a
modem or direct Console (RS-232) port connection.
Duplicate IP Addresses
If the IP address configured in an authorized management station is also configured (or
spoofed”) in another station, the other station can gain management access to the switch even
though a duplicate IP address condition exists.
Web Proxy Servers
If you use the WebAgent to access the switch from an authorized IP manager station, it is
recommended that you avoid the use of a web proxy server in the path between the station
and the switch. This is because switch access through a web proxy server requires that you
first add the web proxy server to the Authorized Manager IP list. This reduces security by
opening switch access to anyone who uses the web proxy server. The following two options
outline how to eliminate a web proxy server from the path between a station and the switch:
Even if you need proxy server access enabled in order to use other applications, you can
still eliminate proxy service for web access to the switch. To do so, add the IP address or
DNS name of the switch to the non-proxy, or “Exceptions” list in the web browser interface
you are using on the authorized station.
If you don’t need proxy server access at all on the authorized station, then just disable the
proxy server feature in the station’s web browser interface.
422 Authorized IP Managers