100 NetApp AltaVault Cloud Integrated Storage Administration Guide
Beta Draft
Configuring security settings Configuring SSH Access
2. Under Add a new rule, complete the configuration as described in this table.
Configuring SSH Access
AltaVault supports SSH access to the management port of the appliance. SSH access can be done using either user
credentials (username/password) or the client public key. This section describes how to use AltaVault CLI commands
to the configure SSH access using public keys.
To enable SSH access via public key
1. Log in to the AltaVault with the login name and password.
Control Description
Add a New Rule Displays the controls for adding a new rule.
Action Select one of the following rule types from the drop-down list:
• Allow - Allows access when packets match the specified criteria. This is the default
action.
• Deny - Denies access when packets match the specified criteria.
Service Optionally, select Specify Protocol, or HTTP, HTTPS, SOAP, SNMP, SSH, Telnet.
When specified, the Destination Port is dimmed and unavailable.
Protocol (Appears only when Service is set to Specify Protocol.) Optionally, select All, TCP,
UDP, or ICMP from the drop-down list. The default setting is All. When set to All or
ICMP, the Service and Destination Ports are dimmed and unavailable.
Source Network Optionally, specify the source subnet of the inbound packet. For example, 1.2.3.0/24.
Destination Port Optionally, specify the destination port of the inbound packet, either a single port value
or a port range of port1-port2, where port1 must be less than port2. Leave it blank to
specify all ports.
Interface Optionally, select an interface name from the drop-down list. Select All to specify all
interfaces.
Description Optionally, describe the rule to facilitate administration.
Rule Number Optionally, select a rule number from the drop-down list. By default, the rule goes to
the end of the table (just above the default rule).
AltaVaults evaluate rules in numerical order starting with rule 1. If the conditions set in
the rule match, then the rule is applied, and the system moves on to the next packet. If
the conditions set in the rule do not match, the system consults the next rule. For
example, if the conditions of rule 1 do not match, rule 2 is consulted. If rule 2 matches
the conditions, it is applied, and no further rules are consulted.
The default rule, Allow, which allows all remaining traffic from everywhere that has
not been selected by another rule, cannot be removed and is always listed last.
Log Packets Tracks denied packets in the log. By default, packet logging is enabled.
Add Adds the rule to the list. The Management Console redisplays the Rules table and
applies your modifications to the running configuration, which is stored in memory.
Remove Selected Select the check box next to the name and click Remove Selected.
Move Selected Moves the selected rules. Click the arrow next to the desired rule position; the rule
moves to the new position.
To Next Page
Loading...
