User`s guide
Table Of Contents
- Figure 2.1: VMR Series - Front Panel (Model VMR-16HD20-1 Shown)
- Figure 2.2: VMR Series - Back Panel (Model VMR-16HD20-1 Shown)
- Figure 2.3: NPS Series - Front Panel (Model NPS-16HD20-1 Shown)
- Figure 2.4: NPS Series - Back Panel (Model NPS-16HD20-1 Shown)
- Figure 5.1: Boot Priority Example 1
- Figure 5.2: Boot Priority Example 2
- Figure 9.1: The Help Menu (Administrator Mode; Text Interface - VMR Shown)
- Figure 14.1: Web Access Parameters (Text Interface Only)
- Figure B.1: RS232 SetUp Port Interface
- 1. Introduction
- 2. Unit Description
- 3. Getting Started
- 4. Hardware Installation
- 5. Basic Configuration
- 5.1. Communicating with the VMR or NPS Unit
- 5.2. Configuration Menus
- 5.3. Defining System Parameters
- 5.4. User Accounts
- 5.5. Managing User Accounts
- 5.6. The Plug Group Directory
- 5.7. Defining Plug Parameters
- 5.8. Serial Port Configuration
- 5.9. Network Configuration
- 5.10. Save User Selected Parameters
- 6. Reboot Options
- 7. Alarm Configuration
- 8. The Status Screens
- 9. Operation
- 10. SSH Encryption
- 11. Syslog Messages
- 12. SNMP Traps
- 13. Operation via SNMP
- 14. Setting Up SSL Encryption
- 15. Saving and Restoring Configuration Parameters
- 16. Upgrading VMR/NPS Firmware
- 17. Command Reference Guide
- Appendix A. Specifications
- Appendix B. Interface Descriptions
- Appendix C. Customer Service
- Index
5-33
Basic Configuration
5.9.3. IP Security
The IP Security feature allows the VMR/NPS to restrict unauthorized IP addresses from
establishing inbound connections to the unit via telnet or Web Browser. This allows
you to grant access to only a specific group of Telnet or Web IP addresses, or block a
particular IP address completely. In the default state, the VMR/NPS accepts incoming IP
connections from all hosts.
In the Text Interface, IP Security parameters are defined via the Network Configuration
menu. In the Web Browser Interface, these parameters are found by placing the cursor
over the "Network Configuration" link, and then clicking on the "IP Security" link in the
resulting fly-out menu. In the default state, IP Security is disabled. The IP Security
Function employs a TCP Wrapper program which allows the use of standard, Linux
operators, wild cards and net/mask pairs to create a host based access control list.
The IP Security configuration menus include "hosts.allow" and "hosts.deny" client
lists. When setting up IP Security, you must enter IP addresses for hosts that you wish
to allow in the Allow list, and addresses for hosts that you wish to deny in the Deny
list. Since Linux operators, wild cards and net/mask pairs are allowed, these lists can
indicate specific addresses, or a range of addresses to be allowed or denied.
When the IP Security feature is properly enabled, and a client attempts to connect, the
VMR/NPS will perform the following checks:
1. If the client’s IP address is found in the "hosts.allow" list, the client will be granted
immediate access. Once an IP address is found in the Allow list, the VMR/NPS will
not check the Deny list, and will assume you wish to allow that address to connect.
2. If the client’s IP address is not found in the Allow list, the VMR/NPS will then
proceed to check the Deny list.
3. If the client’s IP Address is found in the Deny list, the client will not be allowed to
connect.
4. If the client’s IP Address is not found in the Deny list, the client will be allowed to
connect, even if the address was not found in the Allow list.
Notes:
• If the VMR/NPS finds an IP Address in the Allow list, it will not check the Deny
list, and will allow the client to connect.
• If both the Allow and Deny lists are left blank, then the IP Security feature will
be disabled, and all IP Addresses will be allowed to connect (providing that
the proper password and/or SSH key is supplied.)
• When the Allow and Deny lists are defined, the user is only allowed to specify
the Client List; the Daemon List and Shell Command cannot be defined.