Establishing Secure Administration {Access Control - Nomadix Access Gateway User Manual

A G
CCESS ATEWAY
In order to utilize the parameter signing feature, the EWS or Portal Page Server used must be
configured to correctly parse and verify the signing information. Documentation that includes
guidelines for configuring a server to support signing can be obtained by contacting Nomadix
Technical Support.

Establishing Secure Administration {Access Control}

The Access Gateway allows you to block administrator access to interfaces (Telnet, WMI and
FTP, SSH and SFTP) and incorporates a master access control list that checks the source (IP
address) of administrator logins. A login is permitted only to the interfaces that have not been
blocked, and only if a match is made with the master "Source IP" list contained on the Access
Gateway. If a match is not made with the "Source IP list," the login is denied, even if a correct
login name and password are supplied. The access control list for source IPs supports up to 50
(fifty) entries in the form of a specific IP address or range of IP addresses.
This procedure allows you to enable the "Access Control" feature and block administrator
access to specific interfaces, and add or remove administrator "Source IP" addresses.
The NSE supports secure https connections to the Web Management Interface (WMI). Correct
certificates must be installed on the NSE flash memory for these connections to function
properly. The same certificate set that is used to support SSL connections for subscribers is
used for this purpose. For documentation about configuring the system to support secure
connections, contact technical support. See Appendix A: Technical Support.
In addition, corresponding options to block https connections (independent of http) are
included in the NSE's Access Control functionality, for both the network and subscriber sides.
If the required certificates are not resident on the flash, an attempted https connection will
generate an error syslog.
System Administration 67