You are on page 1of 4
ono"? AR 15082008 1200877008:3200 V200R003C01 Configuration Gude-Security - Enterprise Service Suppoet AR150&200&1200&2200&3200 V200R003C01 Configura... Contents 01-05 Local attack Defense Configuration 01.07 Attack Defense Configuration 01-08 Taff Suppression Configuration 01-09 ARP Secutty Configuration 01-10 DHCP Snooping Configuration 01-11 IPS Configuration 01-12 URPF Configuration 01-13 Pet Configuration 01-14 SSL Configuration 01-15 HTTPS Configuration on 6 Keychain Configuration hp support hsawel comlerterprseldocinforeader acton?eantan Solutions By lndustry Services How to Buy artners Support outer AR ARI200 2200&3200 V200R003C01 “Security ([[tavoine “| ewnioad“Feeaback_] Contents 15 HTTPS Configuration 151 HTTPS Oseniew 1 5 HTTPS Configuration The Hypertext Transfer Protocol Secure (HTTPS) protocol provides secure web access using security mechanisms provided by the Secure Sockets Layer (SSL) protocol, including data encryption, identity authentication, and message integrity check 15.1 HTTPS Overview Secure HTTP (HTTPS) effectively improves device security 15.2 Configuring the Device as an HTTPS Server The HTTPS server function allows users to securely access the device on web pages. This section provides an HTTPS configuration example. 15.1 HTTPS Overview Secure HTTP (HTTPS) effectively improves device security HTTPS supports the secure sockets Layer (SSU) HITPS improves device security using SSL: + Allows authorized clients access the device securely and rejects unauthorized clients + Encrypts data exchanged between clients and the device to ensure data transmission security and integrity and implement secure management. + Defines access control policies based on certificate atributes and controls access rights of clients to defend against attacks from unauthorized clients. ‘As shown in Figure 15-1, an SSL policy is configured on the device (an HTTP server). After ‘the HTTPS server function is enabled on the device, users can use a web browser to log to the device (an HTTPS server) and manage the device on web pages, Figure 15-1 Loaging ino an HTTPS server through the web browser 1OC 00001945 partNo= 10022 1“ ono"? AR 15082008 1200877008:3200 V200R003C01 Configuration Gude-Security - Enterprise Service Suppoet AR150&200&1200&2200&3200 V200R003C01 Configura... Contents 01-05 Local attack Defense Configuration 01.07 Attack Defense Configuration 01-08 Taff Suppression Configuration 01-09 ARP Secutty Configuration 01-10 DHCP Snooping Configuration 01-11 IPS Configuration 01-12 URPF Configuration 01-13 Pet configuration 01-14 SSL Configuration 01-15 HTTPS Configuration on 6 Keychain Configuration ip support nsawel comlerterprseldocinforeader acton7eantan =z SY inition 15.2 Configuring the Device as an HTTPS Server ‘The HTTPS server function allows users to securely access the device on web page: Prerequisites ‘A server SSL policy has been configured. For details on how to configure a server $ policy, see 143 Configuring a Server $51 Poli Context ‘When users access a remote device functioning as an HTTP server, the following promiems + Users cannot authenticate the device. + Privacy and integrity of data transmitted between users and the device cannot be ensured. ‘To solve the preceding problems, configure the device as an HTTPS server. The device uses the SSL protocols data encryption, identity authentication, and message integrity check ‘mechanisms to protect security of data transmitted between users and the device. These ‘mechanisms ensure that users securely access a remote device on web pages. Procedure 1. Runs The system view is displayed. 2 Run [An SSL policy is applied to the HTTPS service. By default, no SSL policy is applied to the HTTPS service on the device, 3. (Optional) Run The port number is set for the HTTPS service. By default, the port number of the HTTPS service is 443 4. Rum: The HTTPS server function is enabled on the device. By default the HTTPS server function is disabled on the device. (Checking the Configuration, +# Run the display current-configuration command to check the configuration of the HTTPS server 15.3 Configuration Examples This section provides an HTTPS configuration example. 15.3.1 Example for Configuring the Device as an HTTPS Server Networking Environment [As shown in Figure 15-2, users access the gateway Router through web. ‘To prevent data intercepting and tampering during data transmission, a network administrator requires that users use HTTPS to access the Router securely Figure 15-2 Networking diagram of HTTPS server configuration Router User 10 ton00 1945 partNo= 10022 24 ono"? ‘AR 15082008 1200827008300 V200R003C01 Configuration Gude-Security - Enterprise Service Support AR150&200&1200&2200&3200 V200R003C01 Configura... Configuration Roadmap Contents ‘The configuration roadmap is a follows: 1. Create a VLAN and a VLANIF interface, and configure the interface to allo. 01-05 Local attack Defense enterprise users to access the router. Configuration 2 Configure a server SSL. policy and apply the default PKI domain to the sen. policy. The CA server isnot required. 3. Configure an HTTPS server to ensure confident 01.07 Attack Defense Configuration 01-08 Taff Suppression ity and integrity of data Configuration ‘transmission between users and the Router. 01-098 Sci Congurtion 01-10 HCP Snoping Contin 1. Create a IAN and configure the imerfae. 01-11 PSG contguton + Create VAN TI on the Router 01-12 UREFconguaton so} ai 01-18 Pt Consguaton # Add £42/0/0 connecting to users to VIAN 11. 01-1451 configuration Nicaea pre Map wns 01-15 HTTPS Configuration timceeencaee] git 01-15 keyeain Conigurstion 1 Create VANIE 11 and assign Paddess 192.168.2.29/24 to VLANIF 1 svt] interface vlan. 2. Configure a server SSL policy 4 Apply the default PKI domain default to the server SSL. policy uel} oe) pollen uereerver type werver Neseineteplsoyaserurc) perealn default 1 Set the maximum number of sessions that can be saved and the timeout period of a saved session are set Icarus osu 2 700 Configure the HTTPS server. 1 Bind the SSL policy userserver to the HTTPS server. wel) Baty seunersever sel-poey userserver 4 Configure the port number of the HTTPS service. awa) ety eourecsrver pore 1278 4 Enable the HTTPS server function on the Router. ove} boty scunemsrver enable . Imac I ere oe tei ih Sole. Cnn eating EP ace sre ge iced i atarting te BTS ae 4 Verity the configuration, + Run the display ss policy policy-name command to view the configuration of the SSL policy userserver. Tw oa # Start the web browser on a computer, and enter httos//12.1..1:1278 in the address box. The web management system is displayed, and you can manage the Router on the web pages. Configuration File Configuration fle of the Router hip support nsawel comlerterprseldocinforeader acton?cantend=DOC 100001845 aparNNo= 10032 aia ono"? ‘AR 15082008 1200827008300 V200R003C01 Configuration Gude-Security - Enterprise Service Support AR150&200&1200&2200&3200 V200R003C01 Configura... Contents 01-05 Local attack Defense Configuration 101.07 Attack Defense Configuration 01-08 Taff Suppression Configuration 01-09 ARP Secutty Configuration 01-10 DHCP Snooping Configuration 01-11 IPS Configuration 01-12 URPF Configuration 01-13 Pet Configuration 01-14 SSL Configuration 01-15 HTTPS Configuration 01-16 Keychain Configuration ‘About Huawel ep seanecoree es-pliey veneer Average gO ated Owe veage ae of prot sng 0% (anes) parter Resources Quik ks set P ce - : Sage Pater Tig ideo va g Moa step APP case tude hp support hsawel comlerterprseldocnforeader acton?cantend=DOC 100001845 faparNo= 10032

You might also like