Configuring SSE Using the CLI
Set the Server Listening Port
1. Verify that your back-end servers are configured for encrypted connections — if they are
not, the connection will fail. Configure the listening port number (typically port 443 for
HTTPS) for each server. Refer to "Adding and Modifying Servers" on page 460 for details.
Global Cipher Suite and TLS Configuration
First, you will need to enable SSE on your Equalizer on a global level.
2. Enter the cipher suite (set of cipher specifications) to use in the encryption.
eqcli > sse cipherspec cipher_spec
cipher_spec is the cipher suite to use. This is passed from the client to the server in
the Client Hello message. It contains the combinations of cryptographic algorithms
supported by the client in order of the client's preference (first choice first). Each
cipher suite defines both a key exchange algorithm and a cipher spec. The server
selects a cipher suite or, if no acceptable choices are presented, returns a handshake
failure alert and closes the connection. Once you add an HTTPS cluster, a default cipher
suite will be added (AES128-SHA:DES-CBC3-SHA:RC4-SHA:RC4-MD5:AES256-SHA:!SSLv2).
Note - SSLv2 is not supported, as Equalizer will not negotiate with packets using SSLv2 encryption.
Add additional cipher specs as described in "Cluster and Match Rule Commands" on page 169 and
"Layer 7 SSL Security (HTTPS Clusters)" on page 349 as necessary.
3. Now, enter the allowable TLS versions for use with the cipher_spec.
eqcli > sse flags tls_flags
where tls_flags can be allow_tls10 (TLS version 1.0), allow_tls11 (TLS version 1.1) or
allow_tls12 (TLS version 1.2). You must add each TLS version that you wish to use. For
example, if you add only TLS version 1.1, this will be the only allowable TLS version
used with the cipher spec.
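The following is an added example, not taken from the Equalizer guide or from Coyote Point code: a Python audit of the values entered in steps 2 and 3. It assumes the cipher spec follows OpenSSL cipher-string syntax (colon-separated names, "!" for exclusion), and the function names and the weak-entry policy are assumptions of this example.

```python
"""Audit an Equalizer SSE cipher spec and TLS flags (added example)."""

# Default cipher spec quoted in step 2 of the guide.
DEFAULT_CIPHERSPEC = "AES128-SHA:DES-CBC3-SHA:RC4-SHA:RC4-MD5:AES256-SHA:!SSLv2"

# Assumed audit policy (not part of the product): name fragment -> reason.
WEAK_TOKENS = {
    "RC4": "RC4 stream cipher, prohibited in TLS by RFC 7465",
    "MD5": "MD5-based MAC",
    "DES-CBC3": "3DES, a 64-bit block cipher",
    "EXP": "export-grade key length",
    "NULL": "no encryption",
}
KNOWN_FLAGS = {"allow_tls10", "allow_tls11", "allow_tls12"}  # flags named in step 3
DEPRECATED_FLAGS = {"allow_tls10": "TLS 1.0", "allow_tls11": "TLS 1.1"}


def parse_cipherspec(spec):
    """Split a colon-separated cipher string into (enabled, excluded) lists."""
    enabled, excluded = [], []
    for item in filter(None, (p.strip() for p in spec.split(":"))):
        # Only '!' exclusions are modelled; '-' and '+' operators are not.
        (excluded if item.startswith("!") else enabled).append(item.lstrip("!"))
    return enabled, excluded


def audit(spec, tls_flags):
    """Return findings for one cipher spec and the list of enabled TLS flags."""
    enabled, excluded = parse_cipherspec(spec)
    findings = []
    for cipher in enabled:
        if cipher in excluded or set(cipher.split("-")) & set(excluded):
            continue  # removed by a '!' entry such as !RC4
        for token, reason in WEAK_TOKENS.items():
            if token in cipher:
                findings.append(f"cipher {cipher}: {reason}")
    for flag in tls_flags:
        if flag not in KNOWN_FLAGS:
            findings.append(f"flag {flag}: not one of the flags listed in step 3")
        elif flag in DEPRECATED_FLAGS:
            findings.append(f"flag {flag}: {DEPRECATED_FLAGS[flag]} deprecated by RFC 8996")
    if "allow_tls12" not in tls_flags:
        findings.append("flags: TLS 1.2 not enabled")
    return findings


if __name__ == "__main__":
    for line in audit(DEFAULT_CIPHERSPEC, ["allow_tls10", "allow_tls11", "allow_tls12"]):
        print(line)
```

Run against the default cipher spec with all three flags set, it reports the 3DES, RC4 and MD5 entries and the two older TLS flags; a spec reduced to the AES entries with only allow_tls12 returns no findings.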
Copyright © 2014 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
All Rights Reserved.
361
Equalizer Administration Guide