An administrator or security administrator can configure the access to the MUs (applies for access via SE Manager and CLI) of the SE server in such a manner that it is possible only for explicitly configured IP addresses or for IP addresses from an explicitly configured IP network.
By default the list for access restrictions is empty, and access is permitted without restriction for all IP addresses and networks:
The access restriction is server-specific. In case of MU redundancy, the access restriction is valid for both MUs of the SE server.
In a Management Cluster, you can specify different IP-based access restrictions for each SE server.
> | In the tree structure select Authorizations -> Configuration, IP-based access rights tab. |
The IP-based access rights tab displays the IP addresses and networks for which access to the MUs of the SE server is allowed.
If two SE servers form a Management Cluster, the additional Server column indicates for which SE server the access authorization is defined.
The following options are available to you:
Allow IP address or network
> | Click Allow IP address and enter the IP address or network in the subsequent dialog box. You also have the option of entering a description for the allowed access, such as usage or the contact details of the responsible administrator. With the first entry (IP address or IP network) you enable IP-based access restriction to the MUs of the SE server. Access is then only possible for IP addresses which are entered either explicitly or via an IP network. Because of that, the IP address of your administration PC, from which you have logged on to the SE Manager, should be part of the first entry. |
Remove all IP addresses
> | Click Remove all IP addresses and in the subsequent dialog box select either an SE server, for which all IP addresses are to be removed, or choose All to remove the IP addresses for all SE servers. Thereby unrestricted access to all associated Management Units is possible. |
Set configuration status
> | Click Set configuration status and in the subsequent dialog box determine for each SE server, whether the IP-based access rights should be active or inactive. Only with active IP-based access rights, access to the associated Management Units will be restricted. |
Modify the description for the allowed IP address
> | By the required IP address or network, click the Change icon and enter a description, such as usage or the contact details of the responsible administrator. |
Remove IP address or network
> | By the required IP address or network, click the Remove icon and confirm the action. As soon as you delete the last entry from the list for access restrictions, access to the MUs of the SE server is once again possible for all IP addresses without restriction. You should delete the entry that contains the address of your administration PC last. |