Manual mapping, Combining automapping and manual mapping, Blocking – HP e-Commerce Server Accelerator sa7120 User Manual

C H A P T E R 3

SSL Processing

31

Manual mapping

The user can create (with the create map command) one or more
mapping entries for individual servers. This is the only way to specify
unique keyIDs for each server. Normally, when manual mapping is
performed, the initial automapping entry is deleted, but this is not a
requirement.

Combining automapping and manual mapping

NOTE: If both manual
mappings and applicable
automappings are
available, the SA7100/
SA7120 always uses the
manual mapping.

Any combination of automapping and manual mapping entries, up to
a total of 1000, can be used provided the server IP address and
network port combinations are unique. Several of the scenarios in
Chapter 4 include step-by-step mapping procedures.

Blocking

For security purposes, the SA7100/SA7120 allows the blocking of
particular IP addresses and ports. IP/port combinations can be
blocked on the basis of:

NOTE: Blocking
operations apply to both
TCP and UDP traffic.

•

Specific IP, specific port

•

Subnet, specific port

•

All IPs, specific port

Specific IP, Specific Port

To block a specific server IP and specific port combination:

1. Type the create block command.

2. Type the IP address.

3. Press Enter to accept the default IP mask.

4. Type the specific port.

5. Press Enter to accept the default port mask.

Example:

HP SA7120> create block

Client IP to block [0.0.0.0]: 10.1.2.1

Client IP mask [0.0.0.0]: 255.255.255.255

Server IP to block [0.0.0.0]: 20.1.2.1

Server IP mask [0.0.0.0]: 255.255.255.255

Server Port to block: 80

Server Port mask [0xffff]:<Enter>