Firewall configuration – HP e-Commerce Server Accelerator sa7120 User Manual

C H A P T E R 4 HP e-Commerce Server Accelerator SA7100/SA7120 User Guide

46

NOTE: The device
automatically adjusts the
list of MapIDs as they
are created and deleted,
thus MapID 2 becomes
MapID 1 when the default
(the original MapID 1) is
deleted.

4.

Once a user-created server assignment exists, the default
mapping can be deleted. In this example, delete MapID number
1.

HP SA7120> > delete map 1

HP SA7120> list maps

Map Net Ser Cipher Re- Client

ID KeyID Server IP Port Port Suites direct Auth

== ===== ========= ==== ==== ========== ===== ====

1 serv1 10.1.1.30 443 80 med(v2+v3) n n

HP SA7120>

5.

Save the configuration.

HP SA7120>

config save

Saving configuration to flash...

Configuration saved to flash

HP SA7120>

Firewall Configuration

Absent a firewall, outside clients would be able to connect to services
on the web server and possibly gain access to sensitive data—on port
80 using HTTP to access non-sensitive data, on port 443 using
HTTPS to access sensitive data, and on port 81 using HTTP to access
that same sensitive data. Obviously, allowing access to sensitive data
over an unencrypted connection on port 81 is not desirable.
Consequently a firewall should be configured to prevent such access.

NOTE: In this
configuration, the
firewall may occasionally
report the blocking of
outbound packets from
the Server on port 81.
This is normal—a side-
effect of the varying
latencies characteristic of
Internet traffic—and does
not indicate a problem
with the configuration

Port

Access

80

Allowed

443

Allowed

All Others

Denied