20
Blue Coat SG210 Installation Guide
4
(Optional) On page 3, you might restrict the use of the console account to a specific workstation. On
this screen, you can add one IP address to the list of authorized workstations that are approved to use
the console account. Additional workstations maybe configured later using the CLI or through the
Management Console.
Figure 2-13: Initial Setup—Page Three
Note:
For maximum security, restrict physical access to the SG210.
Note:
After completing the initial configuration, you can change the workstation restriction
settings through the security commands in the CLI or the Console Access page in the
Management Console (under Authentication). You can add or remove IP addresses or
you can enable or disable workstation restrictions. Refer to Volume 4: Securing the Blue
Coat ProxySG Appliance of the
Blue Coat ProxySG Configuration and Management Guide Suite
for details.
---------------------- (page 3 of 5) ---------------------
Press <ESC> at any time to return to the main menu
DIRECTIONS:
The console username and password are special. They can be used to log in
to the CLI or Web Management interface even in circumstances where this is
denied by VPM or CPL policy.
This makes the console account useful in emergencies,as a way to log in
when policy is broken, but it may also create a security hole.
To close the security hole, we recommend that you restrict the use of the
console account to specific workstations, identified by their IP address.
This dialog allows you to add one IP address to the list of workstations
that are authorized to use the console account. (This same list is also
used to restrict which workstations can use SSH with RSA authentication.)
Additional workstations may be configured later from the command line
interface or the Web interface.
WARNING: The console account can currently be used to log in from any
workstation.
Would you like to restrict access to an authorized workstation? Y/N [Yes]
Y
Authorized workstation [0.0.0.0]:
10.2.33.1