This is a
RemoteMgmtSSH
object that controls SSH access via the CLI. This is enabled by
default and allows SSH access from the
192.168.1.0/24
network on the default management
interface.
For other types of access, such as SNMP access, additional
Remote Management
objects must be
created.
Preventing Loss of Management Access
When the IP address of the management interface or a remote management rule is changed,
there is a risk that the change can prevent further management access. NetDefendOS prevents
this in the following ways:
•
Changes made through the Web Interface
For configuration changes to the Web Interface, there is a delay after performing a
Save and
Activate
operation (the default is 30 seconds) followed by an automatic check that the web
browser and NetDefendOS can still communicate. If communication is lost after the delay,
the original configuration is restored.
If the administrator expects that configuration changes will break the communication
between NetDefendOS and the web browser (for example, by changing the management IP),
they should select
Save and Activate
then login again before the timeout period expires. This
login tells NetDefendOS that the administrator still has access and the configuration will not
revert back to the old version.
•
Changes made through the CLI over SSH
When using the CLI via an SSH connection, the administrator must first issue the command:
gw-world:/> activate
This activates the new configuration but the changes are not made permanent until the
following command is issued:
gw-world:/> commit
If the
commit
command is not issued within a fixed period of time (the default is 30 seconds)
after the
activate
, NetDefendOS assumes communication has been lost and the original
configuration is restored.
If a configuration change breaks SSH communication, the administrator must login in again
over SSH in order to issue the
commit
command and make the changes persistent.
•
Changes made via the Local Console CLI
Unlike when using SSH, communication with the local serial console cannot be lost if
changing a management interface IP address and/or a remote management rule. This means
that a
commit
command can always be issued after an
activate
command to make changes
persistent. However, the administrator must then check manually if access via the
management interface is still possible after entering
commit
.
If the default 30 second delay is too short, the delay can be changed in the configuration's
advanced settings. The setting to change has the name
Validation Timeout
in the Web Interface
and
NetconBiDirTimeout
in the CLI. It is a global setting.
Chapter 2: Management and Maintenance
36
Содержание NetDefendOS
Страница 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Страница 32: ...Chapter 1 NetDefendOS Overview 32 ...
Страница 144: ...Chapter 2 Management and Maintenance 144 ...
Страница 220: ... Enable DHCP passthrough Enable L2 passthrough for non IP protocols 4 Click OK Chapter 3 Fundamentals 220 ...
Страница 267: ... SourceNetwork lannet DestinationInterface any DestinationNetwork all nets 4 Click OK Chapter 3 Fundamentals 267 ...
Страница 284: ...Chapter 3 Fundamentals 284 ...
Страница 360: ...The ospf command options are fully described in the separate NetDefendOS CLI Reference Guide Chapter 4 Routing 360 ...
Страница 392: ...Chapter 4 Routing 392 ...
Страница 396: ...Web Interface 1 Go to Network Ethernet If1 2 Select Enable DHCP 3 Click OK Chapter 5 DHCP Services 396 ...
Страница 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Страница 420: ...Chapter 5 DHCP Services 420 ...
Страница 424: ...2 Now enter Name lan_Access Action Expect Interface lan Network lannet 3 Click OK Chapter 6 Security Mechanisms 424 ...
Страница 573: ...Chapter 6 Security Mechanisms 573 ...
Страница 575: ...This section describes and provides examples of configuring NAT and SAT rules Chapter 7 Address Translation 575 ...
Страница 607: ...Chapter 7 Address Translation 607 ...
Страница 666: ...Chapter 8 User Authentication 666 ...
Страница 775: ...Chapter 9 VPN 775 ...
Страница 819: ...Chapter 10 Traffic Management 819 ...
Страница 842: ...Chapter 11 High Availability 842 ...
Страница 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Страница 879: ...Chapter 13 Advanced Settings 879 ...