Setup Firewall

Overview

This function configures a firewall for each service.

Configuration is required for each MNT, RMT and FST port.

  • MNT port

    The MNT port is used for general communication between the storage system and the external hosts.

  • RMT port

    The RMT port is used when the line must be separated from the MNT port.

    For the ETERNUS DX60 S5/DX100 S5/DX200 S5 and the ETERNUS AF150 S3/AF250 S3, this port is also used for maintenance of the storage system.

  • FST port

    The FST port is used for maintenance of the storage system.

    This port must be configured for the ETERNUS DX500 S5/DX600 S5/DX900 S5, the ETERNUS DX8100 S4/DX8900 S4, and the ETERNUS AF650 S3.

Caution
  • If both HTTP and HTTPS have been disabled, Web GUI cannot access the storage system.

  • If both Telnet and SSH have been disabled, CLI cannot access the storage system.

  • If ports of all the services are disabled, access to the storage system is not allowed.

  • When the firewall setting is changed, it takes approximately 10 seconds to update the storage system information. To display the most recently updated screen, wait at least 10 seconds and click the [] icon in the [Network] screen or click [Network] in category.

Note
  • To configure the network environment of the storage system, use the [Setup Network Environment] function.

User Privileges

Availability of Executions in the Default Role

Default role Availability of executions
Monitor  
Admin
StorageAdmin  
AccountAdmin  
SecurityAdmin  
Maintainer

Refer to "User Roles and Policies" for details on the policies and roles.

Settings

Firewall Settings

In this screen, configure the firewall of each port for each service.

Item Description Setting values

Acceptable Protocol

HTTP

Specify whether to enable or disable the HTTP connection. Select the checkbox to enable the connection.

HTTP is used when accessing from Web GUI.

Selected: Enabled (Default)

Cleared: Disabled

HTTPS

Specify whether to enable or disable the HTTPS connection. Select the checkbox to enable the connection.

HTTPS is used when accessing from Web GUI. This connection uses the data encryption for data transferring.

Selected: Enabled (Default)

Cleared: Disabled

Telnet

Specify whether to enable or disable the Telnet connection. Select the checkbox to enable the connection.

Telnet is used when accessing from CLI.

Selected: Enabled (Default)

Cleared: Disabled

SSH

Specify whether to enable or disable the SSH connection. Select the checkbox to enable the connection.

Secure Shell (SSH) is used when accessing from CLI. This connection uses the data encryption for data transferring.

Selected: Enabled (Default)

Cleared: Disabled

ICMP

Specify whether to enable or disable the ICMP connection. Select the checkbox to enable the connection.

The Internet Control Message Protocol (ICMP) is used when sending the "ping" command from a PC.

Selected: Enabled (Default)

Cleared: Disabled

Maintenance-Secure

Specify whether to enable or disable the Maintenance-Secure connection. Select the checkbox to enable the connection.

Maintenance-Secure is used when connecting with the monitoring software, or performing a firmware update from the peer storage system using the Remote Support function. This connection uses the data encryption for data transferring.

Selected: Enabled (Default)

Cleared: Disabled

RESTful API(HTTPS)

Specify whether to enable or disable the RESTful API connection. Select the checkbox to enable the connection.

RESTful API is an HTTPS-based call interface of the web system and is implemented according to REpresentational State Transfer (REST).

Selected: Enabled (Default) (*1)

Cleared: Disabled

SNMP

Specify whether to enable or disable the SNMP connection. Select the checkbox to enable the connection.

The Simple Network Management Protocol (SNMP) is used when accessing from SNMP Agent Manager.

Selected: Enabled (Default)

Cleared: Disabled

RCIL

Specify whether to enable or disable the RCIL connection. Select the checkbox to enable the connection.

Whether to enable or disable this parameter can only be set for the MNT port. The Remote Cabinet Interface over LAN (RCIL) controls the power of the storage system from a host via Ethernet by using the Intelligent Platform Management Interface (IPMI), which is a general protocol.

Selected: Enabled

Cleared: Disabled (Default)

ECD

Specify whether to enable or disable the ECD connection. Select the checkbox to enable the connection.

Whether to enable or disable this parameter can only be set for the MNT port. The ECD is a port that is used to collect the configuration information from the storage system that is connected to the network using the Remote Installation function.

Selected: Enabled (Default)

Blank: Disabled

*1  :  This item is enabled in the factory settings. If a controller firmware version earlier than V11L40 is upgraded to version V11L40 or later, this item is disabled before shipping.

Operating Procedures

  1. Select which port to set the firewall for (multiple selections can be made) and click [Setup Firewall] in [Action].

  2. Specify whether to enable or disable the connection of each service, and click the [Set] button.

    → A confirmation screen appears.

  3. Click the [OK] button.

    → Setting of the firewall starts.

  4. Click the [Done] button to return to the [Network] screen.