H3C Technologies H3C SecPath F1000-E User Manual
H3C SecPath Series High-End Firewalls
Access Control Configuration Guide
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Software version: SECPATHF1000SAI&F1000AEI&F1000ESI-CMW520-R3721
SECPATH5000FA-CMW520-F3210
SECPATH1000FE-CMW520-F3171
SECBLADEII-CMW520-F3171
Document version: 6PW102-20131121
This manual is related to the following products:
- H3C SecPath F5000-A5 Firewall
- H3C SecPath F1000-A-EI
- H3C SecPath F1000-E-SI
- H3C SecPath F1000-S-AI
- H3C SecPath F5000-S Firewall
- H3C SecPath F5000-C Firewall
- H3C SecPath F100-C-SI
- H3C SecPath F1000-C-SI
- H3C SecPath F100-A-SI
- H3C SecBlade FW Cards
- H3C SecBlade FW Enhanced Cards
- H3C SecPath U200-A U200-M U200-S
- H3C SecPath U200-CA U200-CM U200-CS
Table of contents
- Title Page
- Preface
- Contents
- Configuring ACLs
- Overview
- Configuring an ACL in the Web interface
- Configuring an ACL at the CLI
- Configuring security zones
- Configuring service management
- Overview
- Configuring service management
- Service management configuration examples
- HTTP configuration example
- Network requirements
- Configuring a periodic time range on Saturday and Sunday
- Creating a basic ACL
- Creating a rule to allow Host A to access SecPath
- Creating a rule to disable other hosts from accessing SecPath on Saturday and Sunday
- Configuring an ACL rule to allow other hosts to access SecPath
- Associating HTTP service with ACL 2000
- HTTPS configuration example
- HTTP configuration example
- Configuring address resources
- Address resource overview
- Configuring an address resource
- Configuring service resources
- Configuring time range resources
- Interzone policy configuration
- Interzone policy overview
- Configuring an interzone policy
- Firewall policy configuration wizard
- Managing sessions
- Overview
- Configuring session management in the Web interface
- Configuring session management at the CLI
- Configuring virtual fragment reassembly
- Configuring ASPF
- Configuring connection limits
- Overview
- Configuring connection limit in the Web interface
- Configuring connection limit at the CLI
- Configuring portal authentication
- Feature and hardware compatibility
- Overview
- Portal configuration task list
- Configuration prerequisites
- Specifying a portal server for Layer 3 portal authentication
- Enabling Layer 3 portal authentication
- Controlling access of portal users
- Configuring RADIUS related attributes
- Specifying a source IP address for outgoing portal packets
- Specifying an auto redirection URL for authenticated portal users
- Configuring portal detection functions
- Logging off portal users
- Displaying and maintaining portal
- Portal configuration examples
- Configuring direct portal authentication
- Configuring re-DHCP portal authentication
- Configuring cross-subnet portal authentication
- Configuring direct portal authentication with extended functions
- Configuring re-DHCP portal authentication with extended functions
- Configuring cross-subnet portal authentication with extended functions
- Configuring portal server detection and portal user information synchronization
- Troubleshooting portal
- Configuring AAA
- Feature and hardware compatibility
- AAA overview
- Configuring AAA at the CLI
- Configuring AAA schemes
- Configuring local users
- Configuring RADIUS schemes in the Web interface
- RADIUS configuration example in the Web interface
- Configure RADIUS schemes at the CLI
- RADIUS scheme configuration task list
- Creating a RADIUS scheme
- Specifying the RADIUS authentication/authorization servers
- Specifying the RADIUS accounting servers and the relevant parameters
- Specifying the shared keys for authenticating RADIUS packets
- Specifying a VPN for the RADIUS scheme
- Setting the supported RADIUS server type
- Setting the maximum number of RADIUS request transmission attempts
- Setting the status of RADIUS servers
- Setting the username format and traffic statistics units
- Specifying the source IP address for outgoing RADIUS packets
- Setting timers for controlling communication with RADIUS servers
- Configuring RADIUS accounting-on
- Configuring the IP address of the security policy server
- Configuring interpretation of RADIUS class attribute as CAR parameters
- Enabling the trap function for RADIUS
- Enabling the RADIUS listening port of the RADIUS client
- Displaying and maintaining RADIUS
- RADIUS scheme configuration guidelines
- Configuring HWTACACS schemes in the Web interface
- HWTACACS configuration example in the Web interface
- Configuring HWTACACS schemes at the CLI
- HWTACACS configuration task list
- Creating an HWTACACS scheme
- Specifying the HWTACACS authentication servers
- Specifying the HWTACACS authorization servers
- Specifying the HWTACACS accounting servers and the relevant parameters
- Specifying the shared keys for authenticating HWTACACS packets
- Specifying a VPN for the HWTACACS scheme
- Setting the username format and traffic statistics units
- Specifying a source IP address for outgoing HWTACACS packets
- Setting timers for controlling communication with HWTACACS servers
- Displaying and maintaining HWTACACS
- HWTACACS scheme configuration guidelines
- Configuring AAA methods for ISP domains
- Forcibly tearing down user connections
- Configuring a NAS ID-VLAN binding
- Displaying and maintaining AAA
- AAA configuration examples
- Troubleshooting AAA
- Configuring password control
- Configuring FIPS
- Index