R3166-R3206-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

Encrypting a configuration file

Configuration file encryption enables you to encrypt a configuration file before saving it by using the

save command. To read the encrypted configuration file, you must decrypt it with a legal key, thus

protecting the configuration file. Two kinds of keys are supported to encrypt a configuration file. You can

select either of them according to your application environment:

• Private key: A configuration file encrypted by this kind of key can be decrypted and recognized

only by the local device.

• Public key: A configuration file encrypted by this kind of key can be decrypted and recognized by

all devices supporting this feature.

Follow the steps below to enable configuration file encryption:

To do… Use the command…

Remarks

Enter system view system-view —

Enable configuration file

encryption

configuration encrypt { private-key

| public-key }

Optional

Disabled by default, that is, the current

valid configurations are directly saved to

the configuration file.

NOTE:

You can use the display saved-configuration command instead of the more command to view the

encrypted confi

uration file, because the latter cannot decrypt the file. Otherwise, you will be prompted

for operation failure or garbled characters.

Selecting the modes for saving the configuration file

• Fast saving: In this mode, you use the save command without the safely keyword. The file is saved

more quickly but is likely to be lost if the device reboots or the power fails during the process.

• Safe: In this mode, you use the save command with the safely keyword. The file is saved slowly, but

the system retains the configuration file even if the device reboots or the power fails during the

process.

The fast saving mode is suitable for environments where power supply is stable. The safe mode, however,

is preferred in environments where stable power supply is unavailable or remote maintenance is

involved.

Follow the steps below to save the current configuration:

To do… Use the command…

Remarks

Save the current configuration to the specified

file, but the configuration file will not be set as

the file for the next startup

save file-url

Required

Use either command

Available in any view.

Save the current configuration to the root

directory of the storage medium and specify the

file as the startup configuration file that will be

used at the next system startup

save [ safely ]