HP VPN Firewall Appliances System Management and Maintenance Configuration Guide
○ Create a local user seclog with the password 123123123123, and authorize this user as the
security log administrator. That is, use the authorization-attribute command to set the user
privilege level to 3 and specify the user role as security audit. In addition, specify the service
types that the user can use by using service-type.
○ Set the authentication mode to scheme for the user logging in to the device, and make sure only
a local user who has passed AAA local authentication can view and perform operations on the
security log file.
2. Log in to the firewall as the security log administrator:
○ Set the directory for saving the security log file to cfa0:/securitylog/seclog.log.
○ View the contents of the security log file to learn the security status of the firewall.
○ Back up the security log file to the SFTP server.
Configuration procedure
1. Configurations performed by the system administrator:
# Enable saving security logs into the security log file and set the saving interval to one hour.
<Firewall> system-view
[Firewall] info-center security-logfile enable
[Firewall] info-center security-logfile frequency 3600
# Create a local user seclog, and configure the password for the user as 123123123123.
[Firewall] local-user seclog
New local user added.
[Firewall-luser-seclog] password simple 123123123123
# Authorize the user to manage the security log file.
[Firewall-luser-seclog] authorization-attribute level 3 user-role security-audit
# Authorize the user to use SSH, Telnet, and terminal services.
[Firewall-luser-seclog] service-type ssh telnet terminal
[Firewall-luser-seclog] quit
# According to the network plan, the user will log in to the firewall through SSH or Telnet, so
configure the authentication mode of the VTY user interface as scheme.
[Firewall] user-interface vty 0 4
[Firewall-ui-vty0-4] authentication-mode scheme
[Firewall-ui-vty0-4] quit
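An added example, not part of HP's guide: a Python check that reads the step 1 commands above as a CLI transcript, confirms the three controls the procedure sets up (security log file saving, a security-audit user, scheme authentication on the VTY lines), and reports the settings a reviewer would flag before reusing this example configuration as is. The function name audit, the finding texts and the transcript layout are assumptions of this example.

```python
import re

# Constructed input: step 1 commands from this page as one CLI transcript.
SESSION = """\
[Firewall] info-center security-logfile enable
[Firewall] local-user seclog
[Firewall-luser-seclog] password simple 123123123123
[Firewall-luser-seclog] authorization-attribute level 3 user-role security-audit
[Firewall-luser-seclog] service-type ssh telnet terminal
[Firewall-luser-seclog] quit
[Firewall] user-interface vty 0 4
[Firewall-ui-vty0-4] authentication-mode scheme
"""

PROMPT = re.compile(r"^\s*(?:<[^>]+>|\[[^\]]+\])\s*")  # <Firewall> / [Firewall-...]

def audit(session):
    """Return sorted findings for a Comware-style CLI transcript."""
    findings, user, in_vty = set(), None, False
    seclog_enabled = vty_scheme = has_auditor = False
    for raw in session.splitlines():
        words = PROMPT.sub("", raw).split() or [""]
        if words[0] == "local-user" and len(words) > 1:
            user, in_vty = words[1], False
        elif words[0] in ("quit", "user-interface"):
            user, in_vty = None, words[:2] == ["user-interface", "vty"]
        elif words[:3] == ["info-center", "security-logfile", "enable"]:
            seclog_enabled = True
        elif in_vty and words == ["authentication-mode", "scheme"]:
            vty_scheme = True
        elif user and words[0] == "password" and len(words) == 3:
            if words[1] == "simple":
                findings.add(f"{user}: password given with the simple (plaintext) keyword")
            if words[2].isdigit():
                findings.add(f"{user}: password is digits only")
        elif user and words[0] == "service-type" and "telnet" in words:
            findings.add(f"{user}: telnet allowed, login is sent unencrypted")
        elif user and words[0] == "authorization-attribute":
            has_auditor |= "security-audit" in words
    if not seclog_enabled:
        findings.add("security log file saving is not enabled")
    if not vty_scheme:
        findings.add("vty lines do not use authentication-mode scheme")
    if not has_auditor:
        findings.add("no local user holds the security-audit role")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SESSION)))
```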
2. Configurations performed by the security log administrator:
# Log in to the firewall as user seclog.
C:/> telnet 1.1.1.1
******************************************************************************
* Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
Login authentication
Username:seclog