R3721-F3210-F3171-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

201

202

203

204

205

206

207

208

209

210

200

Ste

Command

Remarks

5. Set the file update mode for

the FTP server.

ftp update { fast | normal }

Optional.

Normal update is used by default.

6. Quit to user view.

quit N/A

7. Manually release the FTP

connection established with

the specified username.

free ftp user username

Optional.

Available in user view.

Configuring authentication and authorization on the FTP server

To allow an FTP user to access certain directories on the FTP server, you need to create an account for the

user, authorize the user to access the directories and configure a password for the user.

Make the following configuration to perform authentication and authorization on a local FTP user. To

authenticate remote FTP users, you need to configure authentication, authorization and accounting

(AAA). For detailed configuration about AAA, see Access Control Configuration Guide.

In local authentication, the firewall checks the entered username and password against those configured

on the firewall. In remote authentication, the firewall entered the input username and password to the

remote authentication server for authentication.

To configure authentication and authorization for FTP server:

Ste

Command

Remarks

1. Enter system view. system-view N/A

2. Create a local user

and enter its view.

local-user user-name

No local user exists by default, and the system

does not support FTP anonymous user access.

3. Assign a password

to the user.

password { simple | cipher }

password

N/A

4. Assign the FTP

service to the user.

service-type ftp

By default, the system does not support

anonymous FTP access, and does not assign

any service. If the FTP service is assigned, the

root directory of the firewall is used by

default.

5. Configure user

properties.

authorization-attribute { acl

acl-number | callback-number

callback-number | idle-cut minute

| level level | user-profile

profile-name | vlan vlan-id |

work-directory directory-name } *

Optional.

By default, the FTP/SFTP users can access the

root directory of the firewall, and the user

level is 0. You can change the default

configuration by using this command.

NOTE:

• For more information about the local-user, password, service-type ftp, and authorization-attribute

commands, see

Access Control Configuration Guide.

• When the firewall serves as the FTP server, to perform the write operations (for example, upload, delete,

create, and delete) on the device's file system, the FTP lo

in users must be level 3 users; to perform other

operations, for example, read operation, users of any level from 0 to 3 are allowed.