Enabling/Disabling Brute Force Attack Protection - Siemens RUGGEDCOM ROX II User Manual


Chapter 5
Setup and Configuration
| Parameter | Description |
| --- | --- |
| enabled | Synopsis: true or false. Default: true. Provides the ability to configure WebUI features on the device. |
| listen-ip { listen-ip } | Synopsis: A string. Default: 0.0.0.0. The IP Address the CLI will listen on for WebUI requests. |
| port { port } | Synopsis: An integer between 0 and 65535. Default: 443. The port on which the WebUI listens for WebUI requests. |
| extra-ip-ports { extra-ip-ports } | Synopsis: A string. The WebUI will also listen on these IP Addresses. For port values, add ':#' to set non-default port value (i.e. xxx.xxx.xxx.xxx:19343 [::] [::]:16000). If using the default address, do not specify another listen address with the same port. |
| max-sessions { max-sessions } | Synopsis: { unbounded }. Default: 20. The maximum number of concurrent WebUI sessions. |
| idle-timeout { idle-timeout } | Synopsis: A string. Default: PT30M. The maximum idle time before terminating a WebUI session. If the session is waiting for notifications, or has a pending confirmed commit, the idle timeout is not used. A value of 0 means no timeout. PT30M means 30 minutes. |
| ssl-redirect-enabled | Synopsis: true or false. Default: true. Redirects traffic from port 80 to port 443. If disabled, port 80 will be closed. |
| client-certificate-verification { client-certificate-verification } | Synopsis: { none, peer, fail-if-no-peer-cert }. Default: none. Client certificate verification level: the level of verification the server does on client certificates. none - It does not do any verification. peer - The server will ask the client for a client-certificate but not fail if the client does not supply a client-certificate. fail-if-no-peer-cert - The server requires the client to supply a client certificate. |

3. Type commit and press Enter to save the changes, or type revert and press Enter to abort.

Section 5.6

Enabling/Disabling Brute Force Attack Protection

RUGGEDCOM ROX II features a Brute Force Attack (BFA) protection mechanism to prevent attacks via the CLI, Web interface and NETCONF. This mechanism analyzes the behavior of external hosts trying to access the SSH port, specifically the number of failed logins. After 15 failed login attempts, the IP address of the host will be blocked for 720 seconds or 12 minutes. The range of 15 failed login attempts exists to take into account various
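The WebUI parameters in the table above can be checked against a hardening baseline before a commit. The following is an added example, not code from the manual or from Siemens: it assumes the settings have been collected into a dict of strings, that idle-timeout uses ISO 8601 style durations (PT30M, PT1H30M), that an extra-ip-ports entry without ':#' uses the configured port, and that the 1800-second idle limit is a site policy choice.

```python
import re

# Defaults copied from the parameter table; a missing key means the default applies.
DEFAULTS = {"listen-ip": "0.0.0.0", "port": "443", "extra-ip-ports": "",
            "idle-timeout": "PT30M", "client-certificate-verification": "none"}

def duration_seconds(value):
    """Seconds for an idle-timeout such as PT30M or PT1H30M; '0' means no timeout."""
    if value == "0":
        return 0
    m = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?", value)
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {value!r}")
    hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return hours * 3600 + minutes * 60 + seconds

def split_endpoint(entry, default_port):
    """Split 'addr', 'addr:port', '[v6]' or '[v6]:port' into (addr, port)."""
    m = re.fullmatch(r"(\[[^\]]*\]|[^:\[\]]+)(?::(\d+))?", entry)
    if not m:
        raise ValueError(f"bad extra-ip-ports entry: {entry!r}")
    return m.group(1), int(m.group(2) or default_port)

def audit_webui(settings, max_idle=1800):
    """Return findings for a dict of WebUI parameter values (all strings)."""
    cfg = {**DEFAULTS, **settings}
    findings = []
    port = int(cfg["port"])
    if cfg["listen-ip"] == "0.0.0.0":
        findings.append("listen-ip: 0.0.0.0 listens on all IPv4 addresses")
    idle = duration_seconds(cfg["idle-timeout"])
    if idle == 0:
        findings.append("idle-timeout: 0 disables the session timeout")
    elif idle > max_idle:  # max_idle is an assumed policy value, not from the manual
        findings.append(f"idle-timeout: {idle}s exceeds policy of {max_idle}s")
    level = cfg["client-certificate-verification"]
    if level == "none":
        findings.append("client-certificate-verification: none, certificates not verified")
    elif level == "peer":
        findings.append("client-certificate-verification: peer, missing certificate accepted")
    for entry in cfg["extra-ip-ports"].split():
        _, extra_port = split_endpoint(entry, port)
        # The table's rule, taken literally: no extra listener on the default address's port.
        if cfg["listen-ip"] == "0.0.0.0" and extra_port == port:
            findings.append(f"extra-ip-ports: {entry} reuses port {port} of the default address")
    return findings

# Constructed sample values, not taken from a real device.
SAMPLE = {"idle-timeout": "PT2H", "client-certificate-verification": "peer",
          "extra-ip-ports": "192.0.2.10:443 [::]:16000"}
print("\n".join(audit_webui(SAMPLE)))
```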
RUGGEDCOM ROX II
CLI User Guide


This manual is also suitable for: Rx1500, Rx1512, Rx1501, Rx1510, Rx1511
