4000 Router Series Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

Displaying and maintaining SSH ······························································································································· 226

Stelnet configuration examples ··································································································································· 226

Password authentication enabled Stelnet server configuration example ······················································ 226

Publickey authentication enabled Stelnet server configuration example ······················································· 228

Password authentication enabled Stelnet client configuration example ························································ 233

Publickey authentication enabled Stelnet client configuration example ························································ 236

SFTP configuration examples ······································································································································ 238

Password authentication enabled SFTP server configuration example ·························································· 238

Publickey authentication enabled SFTP client configuration example ··························································· 240

SCP file transfer with password authentication ········································································································· 243

Configuring ASPF ···················································································································································· 246

Overview ······································································································································································· 246

ASPF basic concepts ··········································································································································· 246

ASPF inspections·················································································································································· 247

ASPF configuration task list ········································································································································· 249

Configuring an ASPF policy ········································································································································ 249

Applying an ASPF policy to an interface ·················································································································· 249

Displaying and maintaining ASPF ······························································································································ 250

ASPF configuration examples ····································································································································· 250

ASPF FTP application inspection configuration example ················································································ 250

ASPF TCP application inspection configuration example ··············································································· 252

ASPF H.323 application inspection configuration example ·········································································· 253

Configuring APR ······················································································································································ 255

PBAR ····································································································································································· 255

Group-based application recognition ··············································································································· 255

Configuring PBAR ························································································································································ 256

Configuring application groups ································································································································· 256

Enabling application statistics on an interface ········································································································· 257

Displaying and maintaining APR ································································································································ 258

APR configuration example ········································································································································· 258

Network requirements ········································································································································· 258

Configuration procedure ···································································································································· 259

Verifying the configuration ································································································································· 259

Managing sessions ················································································································································· 260

Session management operation ························································································································· 260

Session management functions ·························································································································· 260

Session management task list ····································································································································· 261

Setting the session aging time for different protocol states ····················································································· 261

Setting the session aging time for different application layer protocols ································································ 262

Specifying persistent sessions ····································································································································· 263

Setting the maximum number of sessions ·················································································································· 263

Configuring session logging ······································································································································· 263

Displaying and maintaining session management ··································································································· 264

Configuring connection limits ································································································································· 266

Connection limit configuration task list ······················································································································ 266

Creating a connection limit policy ····························································································································· 266

Configuring the connection limit policy ····················································································································· 267

Applying the connection limit policy ·························································································································· 267

Displaying and maintaining connection limits ·········································································································· 268

Connection limit configuration example ···················································································································· 269