The administrator can configure access to the SE server and thus to the SE Manager in such a manner that access is possible only for explicitly entered IP addresses or for IP addresses from an explicitly entered IP network.
In a management cluster the configuation can be done server-specific.
The current setting is shown by the IP-based access rights tab in the menu Authorizations -> Configuration.
By default the list for access restrictions is empty, and access is permitted without restriction for all IP addresses.
Security-relevant actions
- You can alternately deactivate and activate the whole configuration of the IP-based access restriction. (status active/inactive)
The deactivation might be useful for maintenance or tests, or if one wants to first prepare the configuration and then activate it as a whole. With the first entry (IP address or IP network) in activated state you enable the IP-based access restriction to the SE server. Access is then only possible for IP addresses which are entered either explicitly or via an IP network.
Therefore you should always observe the following:
Make sure that at activation your own IP address (or the subnetwork) is part of the configuration. Otherwise you will lock yourself out and will lose access to the SE Server!- When you delete the last entry from the list for access restriction, access to the SE server is once again possible for all IP addresses without restriction, irrespective of the current status of the configuration.
The deletion of the entire configuration in one step is also possible. - In a management cluster the configuration can be done server-specific. Therefore, in a management cluster all actions can be executed server-specific or for the whole management cluster.