NetApp AltaVault Cloud Integrated Storage Administration Guide 99
Beta Draft
Configuring a management ACL Configuring security settings
Configuring a management ACL
You can secure access to the AltaVault using an internal management Access Control List (ACL) in the Configure >
Management ACL page. For information on the ACL rules, see “ACL Management Rules” on page 99.
Using an internal management ACL, you can:
restrict access to certain interfaces or protocols of an appliance.
restrict inbound IP access to the AltaVault, protecting it from access by hosts that do not have permission.
specify which hosts or groups of hosts can access and manage the AltaVault by IP address.
The Management ACL provides the following safeguards to prevent accidental disconnection from the AltaVault:
It detects the IP address you are connecting from and displays a warning if you add a rule that denies connections
to that address.
It converts well-known port and protocol combinations such as SSH, Telnet, HTTP, HTTPS, SNMP, and SOAP
into their default management service and protects these services from disconnection. For example, if you specify
protocol 6 (TCP) and port 22, the management ACL converts this port and protocol combination into SSH and
protects it from denial.
It tracks changes to default service ports and automatically updates any references to changed ports in the access
rules.
To set up a management ACL
1. Choose Configure > Management ACL.
2. Under Management ACL Settings, complete the configuration as described in this table.
3. Click Apply to apply your changes to the running configuration.
If you add, delete, or modify a rule that could disconnect connections to the AltaVault, a warning message
appears. Click Confirm to override the warning and allow the rule definition anyway. Use caution when
overriding a disconnect warning.
ACL Management Rules
The management ACL contains rules that define a match condition for an inbound IP packet. You set a rule to allow
or deny access to a matching inbound IP packet. When you add a rule on a AltaVault, the destination specifies the
AltaVault
itself, and the source specifies a remote host.
To add an ACL management rule
1. Choose Configure > Management ACL.
Control Description
Enable Management ACL Select the check box to secure access to a AltaVault using a management ACL.
To Next Page
Loading...
