D-Link NetDefendOS User Manual page 36

Network security firewall

This is a RemoteMgmtSSH object that controls SSH access via the CLI. This is enabled by
default and allows SSH access from the 192.168.1.0/24 network on the default management
interface.
For other types of access, such as SNMP access, additional Remote Management objects must be
created.
Preventing Loss of Management Access
When the IP address of the management interface or a remote management rule is changed,
there is a risk that the change can prevent further management access. NetDefendOS prevents
this in the following ways:
Changes made through the Web Interface
For configuration changes made through the Web Interface, there is a delay after performing a Save and
Activate operation (the default is 30 seconds) followed by an automatic check that the web
browser and NetDefendOS can still communicate. If communication is lost after the delay,
the original configuration is restored.
If the administrator expects that configuration changes will break the communication
between NetDefendOS and the web browser (for example, by changing the management IP),
they should select Save and Activate, then log in again before the timeout period expires. This
login tells NetDefendOS that the administrator still has access, and the configuration will not
revert to the old version.
Changes made through the CLI over SSH
When using the CLI via an SSH connection, the administrator must first issue the command:
gw-world:/> activate
This activates the new configuration but the changes are not made permanent until the
following command is issued:
gw-world:/> commit
If the commit command is not issued within a fixed period of time (the default is 30 seconds)
after the activate, NetDefendOS assumes communication has been lost and the original
configuration is restored.
If a configuration change breaks SSH communication, the administrator must log in again
over SSH in order to issue the commit command and make the changes persistent.
Changes made via the Local Console CLI
Unlike when using SSH, communication with the local serial console cannot be lost when
changing a management interface IP address and/or a remote management rule. This means
that a commit command can always be issued after an activate command to make changes
persistent. However, the administrator must then check manually if access via the
management interface is still possible after entering commit.
If the default 30 second delay is too short, the delay can be changed in the configuration's
advanced settings. The setting to change has the name Validation Timeout in the Web Interface
and NetconBiDirTimeout in the CLI. It is a global setting.
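
The SSH and local console cases described above, as an added Python model that is not D-Link code and not part of the manual. The Firewall class, its methods and the 10.0.0.1 address are hypothetical, and the model assumes the timer behaves the same for both CLI access methods.

```python
# Added illustration, not D-Link code: a simplified model of the
# activate/commit safeguard. Class and method names are hypothetical.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Firewall:
    mgmt_ip: str = "192.168.1.1"       # constructed sample address
    timeout: int = 30                  # NetconBiDirTimeout default, seconds
    saved_ip: str = ""                 # configuration to fall back to
    deadline: Optional[int] = None     # set while a change is uncommitted

    def activate(self, new_ip: str, now: int) -> None:
        """Apply the change and start the validation timer."""
        self.saved_ip, self.mgmt_ip = self.mgmt_ip, new_ip
        self.deadline = now + self.timeout

    def tick(self, now: int) -> None:
        """Restore the original configuration once the timer has expired."""
        if self.deadline is not None and now > self.deadline:
            self.mgmt_ip, self.deadline = self.saved_ip, None

    def commit(self, via: str, target_ip: Optional[str], now: int) -> bool:
        """via is 'ssh' or 'console'; target_ip is where the SSH client connects."""
        self.tick(now)
        if self.deadline is None:
            return False               # nothing pending: already reverted
        if via == "ssh" and target_ip != self.mgmt_ip:
            return False               # session cannot reach the unit
        self.deadline = None           # change is now persistent
        return True

def run(via, target_ip, commit_at, new_ip="10.0.0.1"):
    """Activate at t=0, try to commit at commit_at, then let the timer run out."""
    fw = Firewall()
    fw.activate(new_ip, now=0)
    ok = fw.commit(via, target_ip, now=commit_at)
    fw.tick(now=fw.timeout + 1)
    return ok, fw.mgmt_ip

if __name__ == "__main__":
    print(run("ssh", "10.0.0.1", 10))      # logged in again at the new address
    print(run("ssh", "192.168.1.1", 10))   # still using the old address
    print(run("ssh", "10.0.0.1", 45))      # commit arrives after the timeout
    print(run("console", None, 10))        # console is not affected by the IP
```

The console case returns a committed configuration without any reachability check, which is why the manual tells the administrator to verify management access manually after commit.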
Chapter 2: Management and Maintenance