beautypg.com

Amer Networks E5Web GUI User Manual

Page 49

background image

mean the tunnels are lost and have to be re-established because the tunnel SAs are no longer
valid.

Checking Configuration Integrity

After changing a cOS Core configuration and before issuing the activate and commit commands,
it is possible to explicitly check for any problems in a configuration using the command:

Device:/> show -errors

This will cause cOS Core to scan the configuration about to be activated and list any problems. A
possible problem that might be found in this way is a reference to an IP object in the address
book that does not exist in a restored configuration backup.

Logging off from the CLI

After finishing working with the CLI, it is recommended to logout in order to avoid letting
anyone getting unauthorized access to the system. Log off by using the exit or the logout
command.

Configuring Remote Management Access on an Interface

Remote management access may need to be configured through the CLI. Suppose management
access is to be through Ethernet interface If2 which has an IP address 10.8.1.34.

Firstly, we set the values for the IPv4 address objects for If2 which already exist in the cOS Core
address book, starting with the interface IP:

Device:/> set Address IP4Address InterfaceAddresses/If2_ip

Address=10.8.1.34

The network IP address for the interface must also be set to the appropriate value:

Device:/> set Address IP4Address InterfaceAddresses/If2_net

Address=10.8.1.0/24

In this example, local IP addresses are used for illustration but these could be public IPv4
addresses instead. It is also assumed that the default address objects for the configuration are
stored in an address book folder called InterfaceAddresses.

Next, create a remote HTTP management access object, in this example called HTTP_If2:

Device:/> add RemoteManagement RemoteMgmtHTTP HTTP_If2

Interface=If2
Network=all-nets
LocalUserDatabase=AdminUsers
AccessLevel=Admin
HTTP=Yes

If we now activate and commit the new configuration, remote management access via the IPv4
address 10.8.1.34 is now possible using a web browser. If SSH management access is required
then a RemoteMgmtSSH object should be added.

The assumption made with the above commands is that an all-nets route exists to the ISP's
gateway. In other words, Internet access has been enabled for the Clavister Security Gateway.

Managing Management Sessions with sessionmanager

Chapter 2: Management and Maintenance

49

This manual is related to the following products:
See also other documents in the category Amer Networks Computer Accessories: