64
Step
Command
Remarks
9.
Configure a password for the
local user.
•
In non-FIPS mode:
password
[ {
hash
|
simple
}
password
]
•
In FIPS mode:
password
A password is saved in hashed
form.
By default, no password is
configured for a local user.
•
In non-FIPS mode, the local
user can pass authentication
after entering the correct
username and passing
attribute checks.
•
In FIPS mode, the local user
cannot pass authentication.
For security purposes, configure a
password for the local user.
10.
Assign a user role to the
local user.
authorization-attribute user-role
user-role
The default user role is
network-operator for a Web user.
11.
Specify the HTTP service for
the local user.
service-type
http
By default, no service type is
specified for a local user.
Configuring HTTPS login
The device supports the following HTTPS login modes:
•
Simplified mode
—The device uses a self-signed certificate (a certificate that is generated and
signed by the device itself) and the default SSL settings. The device operates in simplified
mode after you enable HTTPS service on the device.
•
Secure mode
—The device uses a certificate signed by a CA and a set of user-defined security
protection settings to ensure security. For the device to operate in secure mode, you must
perform the following tasks:
Enable HTTPS service on the device.
Specify an SSL server policy for the service.
Configure PKI domain-related parameters.
Simplified mode is simple to configure but has potential security risks. Secure mode is more
complicated to configure but provides a higher level of security.
For more information about SSL and PKI, see
Security Configuration Guide
.
Follow these guidelines when you configure HTTPS login:
•
If the HTTPS service and the SSL VPN service use the same port number, they must use the
same SSL server policy. If they use different SSL server policies, only one of them can be
enabled.
•
If the HTTPS service and the SSL VPN service use the same port number and the same SSL
server policy, perform the following tasks:
Disable the two services before you modify the SSL server policy.
Enable the two services again after the modification.
If you do not do so, the SSL server policy will not take effect.
To configure HTTPS login:
Содержание FlexNetwork 10500 Series
Страница 139: ...130 Sysname display version ...