Troubleshooting guide

3 — NE user and device security
3-8 Alcatel-Lucent 5620 Service Aware Manager
5620 SAM
System Administrator Guide
3.7 7705 SAR-H firewalls
The 5620 SAM supports the firewall function on a Release 5.0 7705 SAR-H. Using
the 5620 SAM, you can configure firewall policies, view the firewall status and
display the firewall faults. The 5620 SAM supports the configuration of an
individual NE instance or a policy that applies to multiple NEs. See Procedure 3-16
for more information.
Configuring a 7705 SAR-H firewall on a management or CPM interface
The 5620 SAM supports two interfaces for managing control traffic, for example,
OSPF, BGP, RSVP-TE, LDP, and SNMP, on a Release 5.0 7705 SAR-H. These
management interfaces allow zone definition entries to be applied to the firewall.
The two interfaces are:
• the device management interface, which is the physical management Ethernet
  port on the main chassis; see Procedure 3-17 for configuration information

  For the NE management access firewall interface on the management port, there
  is always only one set of zone rules applied to control traffic that arrives on the
  interface. The management zone rules, if configured, are applied on ingress to
  the firewall. If the control packets pass, they are sent to the CPM without any
  further egress rules applied.
• the device CPM interface, which is the in-band management interface; see
  Procedure 3-18 for configuration information

  For the NE CPM firewall management interface, control traffic that is intended
  for the CPM has ingress and egress zone rules applied. When the control traffic
  ingresses the 7705 SAR-H on a source interface such as a SAP, spoke SDP, or
  network interface, the zone rules associated with the interface are applied to the
  firewall. If management zone rules are configured on the NE CPM firewall, the
  rules are applied to packets on egress from the firewall before processing by the
  CPM.
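
The following simplified model of the two control-traffic paths described above is an added illustration, not Alcatel-Lucent code or 5620 SAM configuration syntax. The rule format, first-match evaluation, drop on no match, skipping of an unconfigured rule set, and all addresses are assumptions made for the example; it is useful for checking which rule sets a given control packet meets before it reaches the CPM.

```python
from ipaddress import ip_address, ip_network

# Constructed rule sets: (action, source network, protocol). Assumed semantics:
# first match wins, and a packet that matches no rule is dropped.
MGMT_ZONE = [("permit", "10.0.0.0/24", "SNMP"), ("permit", "10.0.0.0/24", "BGP")]
SAP_ZONE = [("permit", "0.0.0.0/0", "SNMP"), ("permit", "0.0.0.0/0", "OSPF")]


def passes(rules, src, proto):
    """Evaluate one zone rule set against a control packet."""
    for action, net, rule_proto in rules:
        if rule_proto == proto and ip_address(src) in ip_network(net):
            return action == "permit"
    return False


def control_path(arrival, src, proto, mgmt_zone=None, source_zone=None):
    """Trace a control packet toward the CPM; returns (verdict, trace)."""
    if arrival == "mgmt-port":
        # Management Ethernet port: one rule set, applied on ingress only.
        stages = [("ingress", mgmt_zone)]
    elif arrival == "in-band":
        # SAP, spoke SDP or network interface: the source interface's zone
        # rules on ingress, then the management zone rules on egress.
        stages = [("ingress", source_zone), ("egress", mgmt_zone)]
    else:
        raise ValueError(f"unknown arrival point: {arrival}")
    trace = []
    for stage, rules in stages:
        if rules is None:  # rule set not configured: nothing is applied
            trace.append((stage, "no-rules"))
            continue
        ok = passes(rules, src, proto)
        trace.append((stage, "pass" if ok else "drop"))
        if not ok:
            return "dropped", trace
    return "to-CPM", trace


if __name__ == "__main__":
    for case in [("in-band", "192.0.2.7", "SNMP", MGMT_ZONE, SAP_ZONE),
                 ("in-band", "192.0.2.7", "SNMP", None, SAP_ZONE),
                 ("mgmt-port", "10.0.0.5", "SNMP", MGMT_ZONE)]:
        print(case[:3], control_path(*case))
```

The second case shows the review finding this model is meant to surface: with no management zone rules on the CPM interface, whatever the source interface's zone permits reaches the CPM unfiltered on egress.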
3.8 Workflow to manage NE user and device security
This workflow describes the high-level steps to manage NE user and device security.
1 Specify the type of authentication keys used on the device; for example, SHA or
MD5, as part of the device discovery. See “To commission a device for 5620 SAM
management” in the 5620 SAM User Guide for more information.
2 As required, manage 5620 SAM user profiles and accounts. See chapter 2.
3 Create a MAF for each device; see Procedure 3-1.
4 Create filter policies for device CPM modules; see Procedure 3-2.
Note — Release 6.0 and later 7705 SAR-H devices do not support the
firewall function.
Release 12.0 R6 | November 2014 | 3HE 08861 AAAF TQZZA Edition 01