AR150&200&1200&2200&3200 V200R003C01 Configuration Guide - Security - Enterprise Service Support
15 HTTPS Configuration
The Hypertext Transfer Protocol Secure (HTTPS) protocol provides secure web access using
security mechanisms provided by the Secure Sockets Layer (SSL) protocol, including data
encryption, identity authentication, and message integrity check.
15.1 HTTPS Overview
Secure HTTP (HTTPS) effectively improves device security.
15.2 Configuring the Device as an HTTPS Server
The HTTPS server function allows users to securely access the device on web pages.
15.3 Configuration Examples
This section provides an HTTPS configuration example.
15.1 HTTPS Overview
Secure HTTP (HTTPS) effectively improves device security.
HTTPS supports the Secure Sockets Layer (SSL).
HTTPS improves device security using SSL:
+ Allows authorized clients to access the device securely and rejects unauthorized clients.
+ Encrypts data exchanged between clients and the device to ensure data
transmission security and integrity and implement secure management.
+ Defines access control policies based on certificate attributes and controls access
rights of clients to defend against attacks from unauthorized clients.
As shown in Figure 15-1, an SSL policy is configured on the device (an HTTP server). After
the HTTPS server function is enabled on the device, users can use a web browser to log
in to the device (an HTTPS server) and manage the device on web pages.
Figure 15-1 Logging in to an HTTPS server through the web browser
15.2 Configuring the Device as an HTTPS Server
The HTTPS server function allows users to securely access the device on web pages.
Prerequisites
A server SSL policy has been configured. For details on how to configure a server SSL
policy, see 14.3 Configuring a Server SSL Policy.
Context
When users access a remote device functioning as an HTTP server, the following problems
+ Users cannot authenticate the device.
+ Privacy and integrity of data transmitted between users and the device cannot be
ensured.
To solve the preceding problems, configure the device as an HTTPS server. The device uses
the SSL protocol's data encryption, identity authentication, and message integrity check
mechanisms to protect security of data transmitted between users and the device. These
mechanisms ensure that users securely access a remote device on web pages.
Procedure
1. Run:
The system view is displayed.
2. Run:
An SSL policy is applied to the HTTPS service.
By default, no SSL policy is applied to the HTTPS service on the device.
3. (Optional) Run:
The port number is set for the HTTPS service.
By default, the port number of the HTTPS service is 443.
4. Run:
The HTTPS server function is enabled on the device.
By default, the HTTPS server function is disabled on the device.
Checking the Configuration
+ Run the display current-configuration command to check the configuration of the
HTTPS server.
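An added example, not part of the Huawei guide: a Python check that reads saved display current-configuration output and reports whether the HTTPS server is bound to a server SSL policy, which port it uses, and whether it is enabled. It assumes the HTTPS and SSL policy statements appear in the configuration in the form they are entered in 15.3.1; the sample configuration and the name audit_https_server are constructed for illustration.

```python
import re

# Constructed sample of `display current-configuration` output (not from a real device).
SAMPLE_CONFIG = """\
ssl policy userserver type server
 pki-realm default
#
http secure-server ssl-policy userserver
http secure-server port 1278
http secure-server enable
"""


def audit_https_server(config_text):
    """Return (settings, findings) for the HTTPS server statements in a configuration."""
    # 443 is the default port stated in the procedure; disabled is the default state.
    settings = {"ssl_policy": None, "port": 443, "enabled": False}
    server_policies = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"ssl policy (\S+) type server", line)
        if m:
            server_policies.add(m.group(1))
        m = re.fullmatch(r"http secure-server ssl-policy (\S+)", line)
        if m:
            settings["ssl_policy"] = m.group(1)
        m = re.fullmatch(r"http secure-server port (\d+)", line)
        if m:
            settings["port"] = int(m.group(1))
        if line == "http secure-server enable":
            settings["enabled"] = True

    findings = []
    if settings["ssl_policy"] is None:
        findings.append("no SSL policy is applied to the HTTPS service")
    elif settings["ssl_policy"] not in server_policies:
        findings.append("SSL policy %r is bound but not defined as a server policy"
                        % settings["ssl_policy"])
    if not settings["enabled"]:
        findings.append("HTTPS server function is disabled")
    return settings, findings


if __name__ == "__main__":
    settings, findings = audit_https_server(SAMPLE_CONFIG)
    print(settings)
    for item in findings or ["HTTPS server configuration is consistent"]:
        print("-", item)
```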
15.3 Configuration Examples
This section provides an HTTPS configuration example.
15.3.1 Example for Configuring the Device as an HTTPS Server
Networking Environment
As shown in Figure 15-2, users access the gateway Router through web.
To prevent data interception and tampering during data transmission, a network
administrator requires that users use HTTPS to access the Router securely.
Figure 15-2 Networking diagram of HTTPS server configuration
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN and a VLANIF interface, and configure the interface to allow enterprise users to access the router.
2. Configure a server SSL policy and apply the default PKI domain to the server SSL policy. The CA server is not required.
3. Configure an HTTPS server to ensure confidentiality and integrity of data transmission between users and the Router.
1. Create a VLAN and configure the interface.
# Create VLAN 11 on the Router.
# Add Eth2/0/0 connecting to users to VLAN 11.
# Create VLANIF 11 and assign IP address 192.168.2.29/24 to VLANIF 11.
[Huawei] interface vlanif 11
2. Configure a server SSL policy.
# Apply the default PKI domain default to the server SSL policy.
[Huawei] ssl policy userserver type server
[Huawei-ssl-policy-userserver] pki-realm default
# Set the maximum number of sessions that can be saved and the timeout period of a saved session.
3. Configure the HTTPS server.
# Bind the SSL policy userserver to the HTTPS server.
[Huawei] http secure-server ssl-policy userserver
# Configure the port number of the HTTPS service.
[Huawei] http secure-server port 1278
# Enable the HTTPS server function on the Router.
[Huawei] http secure-server enable
4. Verify the configuration.
# Run the display ssl policy policy-name command to view the configuration of
the SSL policy userserver.
# Start the web browser on a computer, and enter https://12.1..1:1278 in the
address box. The web management system is displayed, and you can manage the
Router on the web pages.
Configuration File
Configuration file of the Router
http secure-server ssl-policy userserver