Firewall configuration – HP e-CommerceXML Accelerator sa7150 User Manual

CHAPTER 4
Scenario 6—Configuring a Firewall
NOTE: The device automatically adjusts the list of MapIDs as they are created and deleted, thus MapID 2 becomes MapID 1 when the default (the original MapID 1) is deleted.
4. Once a user-created server assignment exists, the default mapping can be deleted. In this example, delete MapID number 1.
HP SA7150> list map
Map                      Net    Ser   Cipher      Re-     Client       well
ID   KeyID    Server IP  Port   Port  Suites      direct  Auth    XML  form
==   =====    =========  =====  ====  ========    =====   =====   ===  ====
1    default  1.1.1.3    443    81    all(v2+v3)  n       n       n    N/A
5. Save the configuration.
HP SA7150> config save
Saving configuration to flash...
Configuration saved to flash
HP SA7150>
Firewall Configuration
Without a firewall, outside clients could connect directly to services on the web server and possibly gain access to sensitive data: port 80 (HTTP) for non-sensitive data, port 443 (HTTPS) for sensitive data, and port 81 (HTTP) for that same sensitive data. Allowing access to sensitive data over an unencrypted connection on port 81 is not desirable, so a firewall should be configured to prevent such access.
NOTE: In this configuration, the firewall may occasionally report the blocking of outbound packets from the Server on port 81. This is normal (a side effect of the varying latencies characteristic of Internet traffic) and does not indicate a problem with the configuration.
Port        Access
==========  =======
80          Allowed
443         Allowed
All Others  Denied
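
One way to confirm the policy in the table from a client outside the firewall, with port 81 checked explicitly as the "All Others" case the text warns about. This is an added example, not part of the HP manual; the function names, the three result labels and the use of Python are assumptions, and the operator supplies the address to test.

```python
import socket
import sys

# Policy from the table above. Port 81 falls under "All Others" and is listed
# explicitly because it is the unencrypted back-end port the text warns about.
POLICY = {80: "Allowed", 443: "Allowed", 81: "Denied"}


def probe(host, port, timeout=3.0):
    """Attempt one TCP handshake and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed
    except ConnectionRefusedError:
        return "refused"         # RST came back: nothing listening, or a reject rule
    except OSError:
        return "filtered"        # timeout or unreachable: packets silently dropped


def audit(host, policy=POLICY, prober=probe):
    """Return (port, expected, observed) for each port that violates the policy."""
    findings = []
    for port, expected in sorted(policy.items()):
        observed = prober(host, port)
        reachable = observed == "open"
        if reachable != (expected == "Allowed"):
            findings.append((port, expected, observed))
    return findings


if __name__ == "__main__":
    # Run from a client outside the firewall: python3 audit.py <public address>
    results = audit(sys.argv[1])
    for port, expected, observed in results:
        print(f"port {port}: policy says {expected}, observed {observed}")
    sys.exit(1 if results else 0)
```

An empty result means the firewall matches the table; a finding for port 81 means the unencrypted path to the sensitive data is reachable from outside.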