
Feedback
Search
Index
Contents
What's New?
Home
Overviews
Solutions
Tasks
	Setup
		Modify Settings
		Basic Settings
		Traffic Shaping
		Compression
		Security
		HTTPS Settings
		SSH Settings
		RADIUS
		Date and Time
		Upgrade Software
		Download Plug-Ins
		SNMP
		Failover
		High Availability
		Standby
		Reset Tree
		Reboot Unit
		Reset Unit
		System Variables
		Frame Relay
		ATM
	Easy Configure
	Classification
	Traffic Tree Mgmt.
	Monitoring
	Partitions
	Policies
	Graphs & Reports
	Measurement
	Event Notification
	Response Time
	Administration
	Group Configuration
	Customer Portal
	PolicyCenter
Reference
Documents

Specify Security Settings

Access to the unit can be limited in a number of ways, for example by setting passwords and securing the interfaces.

Note: To perform this task from PolicyCenter, you must first select a group and/or unit configuration from the Group: and Unit: drop-down lists at the top of the page.

To view or update security settings:

1. Click the setup tab.

2. From the Choose Setup Page list, select security. The security settings appear on the Setup screen. show screen

3. Verify or modify configuration details, as described in the following table.

4. Click apply changes to update the settings.

Field	Description
Look Password	The password for look (read) access. To change from look to touch access, click the logout button on the info tab, and login with the touch password. Passwords can be up to nine characters long and are case-sensitive. They can consist of a combination of letters, numbers, and all special characters. Note: Each time you display the Security setup page, the password fields will be populated with eight asterisks, regardless of whether there is a password or how long the password is. These asterisks provide extra security in that they prevent anyone from discerning the length of the password string and whether a look or touch password has been set. You do not need to erase the asterisks before applying changes, unless you want to remove the password.
Touch Password	The password for touch (read/write) access. After you change the touch password, you must log in again to gain touch access.
Confirm Password	Use this entry as verification when changing a password.
Inside Interfaces Outside Interfaces	Enable/disable access to the unit over the inside and/or outside interfaces (for example, ping, Telnet, or web access). When both the inside and outside interfaces are set to secure, access to the unit is available only via a console connection. The browser interface is disabled. unsecure enables unlimited access over the specified interface. secure blocks all access from the specified interface. list enables access to up to eight listed IP addresses, separated by spaces and/or commas. To specify a subnet, use the format: ipaddress:subnet_mask. Keep in mind that securing an interface means that queries such as DNS, SNTP, and Group Configuration Service (GCS) cannot be made via the secured interface. Consider using the list option and including these servers and your gateway in the list. If you plan on using direct or hot standby, do not set the outside interface to secure. For standby to work, each device must be able to communicate with the other device. If you set the outside interface to list, you must add the partner's IP address to the Outside security list. In the case of direct standby, the unit's own IP address must also be specified on the list. The Packeteer unit will not be able to process local ARP requests via a secured interface. If you secure the outside interface and your gateway is on the outside, a "gateway not found" message will be displayed in the login banner or on the info page. In this state, tasks such as upgrading the software image from a non-local address will be disabled.
Modem on Console	When this option is enabled, PacketWise will log out the console user if the modem drops its carrier connection. (Be sure to configure your modem to drop DSR when the call is disconnected.) For security reasons, set this option to on if you have a modem connected to the serial port. This setting forces a logout when the modem hangs up or the serial cable is disconnected. When this option is set to off, the console session will remain active until the user types exit at the command line. The session remains active even if the modem hangs up or if the serial cable is disconnected.
Offline Reports	If allow is selected, third-party applications can create graphs from your unit's data, without requiring authentication. If disallow is selected, external programs will not be able to create graphs from your data. Note: A Microsoft Word document that mimics the Network Performance Summary report is included on your unit's hard drive. See Save Reports as Word Files for details on using this document to create and save graphs.