Setup Firewall
Overview
This function configures a firewall for each service.
Configuration is required for each MNT, RMT and FST port.
MNT port
The MNT port is used for general communication between the storage system and the external hosts.
RMT port
The RMT port is used when the line must be separated from the MNT port.
For the ETERNUS DX60 S5/DX100 S5/DX200 S5 and the ETERNUS AF150 S3/AF250 S3, this port is also used for maintenance of the storage system.
FST port
The FST port is used for maintenance of the storage system.
This port must be configured for the ETERNUS DX500 S5/DX600 S5/DX900 S5, the ETERNUS DX8100 S4/DX8900 S4, and the ETERNUS AF650 S3.
If both HTTP and HTTPS have been disabled, Web GUI cannot access the storage system.
If both Telnet and SSH have been disabled, CLI cannot access the storage system.
If ports of all the services are disabled, access to the storage system is not allowed.
When the firewall setting is changed, it takes approximately 10 seconds to update the storage system information. To display the most recently updated screen, wait at least 10 seconds and click the [] icon in the [Network] screen or click [Network] in category.
To configure the network environment of the storage system, use the [Setup Network Environment] function.
User Privileges
Availability of Executions in the Default Role
Default role | Availability of executions |
---|---|
Monitor | |
Admin | |
StorageAdmin | |
AccountAdmin | |
SecurityAdmin | |
Maintainer |
Refer to "User Roles and Policies" for details on the policies and roles.
Settings
Firewall Settings
In this screen, configure the firewall of each port for each service.
Item | Description | Setting values | |
---|---|---|---|
Acceptable Protocol |
HTTP |
Specify whether to enable or disable the HTTP connection. Select the checkbox to enable the connection. HTTP is used when accessing from Web GUI. |
Selected: Enabled (Default) Cleared: Disabled |
HTTPS |
Specify whether to enable or disable the HTTPS connection. Select the checkbox to enable the connection. HTTPS is used when accessing from Web GUI. This connection uses the data encryption for data transferring. |
Selected: Enabled (Default) Cleared: Disabled |
|
Telnet |
Specify whether to enable or disable the Telnet connection. Select the checkbox to enable the connection. Telnet is used when accessing from CLI. |
Selected: Enabled (Default) Cleared: Disabled |
|
SSH |
Specify whether to enable or disable the SSH connection. Select the checkbox to enable the connection. Secure Shell (SSH) is used when accessing from CLI. This connection uses the data encryption for data transferring. |
Selected: Enabled (Default) Cleared: Disabled |
|
ICMP |
Specify whether to enable or disable the ICMP connection. Select the checkbox to enable the connection. The Internet Control Message Protocol (ICMP) is used when sending the "ping" command from a PC. |
Selected: Enabled (Default) Cleared: Disabled |
|
Maintenance-Secure |
Specify whether to enable or disable the Maintenance-Secure connection. Select the checkbox to enable the connection. Maintenance-Secure is used when connecting with the monitoring software, or performing a firmware update from the peer storage system using the Remote Support function. This connection uses the data encryption for data transferring. |
Selected: Enabled (Default) Cleared: Disabled |
|
RESTful API(HTTPS) |
Specify whether to enable or disable the RESTful API connection. Select the checkbox to enable the connection. RESTful API is an HTTPS-based call interface of the web system and is implemented according to REpresentational State Transfer (REST). |
Selected: Enabled (Default) (*1) Cleared: Disabled |
|
SNMP |
Specify whether to enable or disable the SNMP connection. Select the checkbox to enable the connection. The Simple Network Management Protocol (SNMP) is used when accessing from SNMP Agent Manager. |
Selected: Enabled (Default) Cleared: Disabled |
|
RCIL |
Specify whether to enable or disable the RCIL connection. Select the checkbox to enable the connection. Whether to enable or disable this parameter can only be set for the MNT port. The Remote Cabinet Interface over LAN (RCIL) controls the power of the storage system from a host via Ethernet by using the Intelligent Platform Management Interface (IPMI), which is a general protocol. |
Selected: Enabled Cleared: Disabled (Default) |
|
ECD |
Specify whether to enable or disable the ECD connection. Select the checkbox to enable the connection. Whether to enable or disable this parameter can only be set for the MNT port. The ECD is a port that is used to collect the configuration information from the storage system that is connected to the network using the Remote Installation function. |
Selected: Enabled (Default) Blank: Disabled |
*1 | : | This item is enabled in the factory settings. If a controller firmware version earlier than V11L40 is upgraded to version V11L40 or later, this item is disabled before shipping. |
Operating Procedures
Select which port to set the firewall for (multiple selections can be made) and click [Setup Firewall] in [Action].
Specify whether to enable or disable the connection of each service, and click the [Set] button.
→ A confirmation screen appears.
Click the [OK] button.
→ Setting of the firewall starts.
Click the [Done] button to return to the [Network] screen.