A port policy allows you to control access by only opening specific ports on a host. The system provides the following default port policies, which cannot be edited or deleted.
Host Node Default Policy—Associated with all hosts in the system. You cannot add or delete associated hosts.
Management Node Default Policy—Associated with the management nodes in the system. You cannot add or delete associated hosts.
If the backup host where the current management platform is deployed fails and another host is used to restore the backup host, the system will retain the default rules after installation. If port hardening is enabled on the system and a non-default policy is associated with the backup host, or if port hardening is disabled, the port policy configured from the management platform is inconsistent with that configured from the CLI of the host. You must reconfigure port hardening on the management platform.
Port hardening takes effect only on IPv4 addresses.
If the IP address of the current management node has changed, the port policy configured on the Web interface will become inconsistent with the policy configured at the CLI of the node. You must restart the management node or restart the Tomcat service from the CLI of the node.
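The notes above say that port hardening covers only IPv4 and that the policy on the management platform can drift from what the host actually has. The following added example (not part of the product or its documentation) reviews a host's TCP listeners against a policy's port list. It assumes the host can run `ss -H -tln`; the sample output and the allowed-port set are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
LISTEN 0 128 [fe80::1]%eth0:9090 [::]:*
LISTEN 0 80 *:3306 *:*
"""

# Hypothetical set of ports opened by the associated port policy.
ALLOWED_PORTS = {22, 443}


def parse_listeners(ss_output):
    """Yield (ip_version, port) for every non-loopback TCP listener."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.split("%")[0].strip("[]")  # drop interface scope, brackets
        if host == "*":
            # Wildcard listener: count it under both families to stay conservative.
            yield 4, int(port)
            yield 6, int(port)
            continue
        ip = ipaddress.ip_address(host)
        if not ip.is_loopback:
            yield ip.version, int(port)


def audit(ss_output, allowed_ports):
    """Return ports to review before relying on port hardening."""
    ipv4_not_in_policy, ipv6_listeners = set(), set()
    for version, port in parse_listeners(ss_output):
        if version == 6:
            ipv6_listeners.add(port)      # port hardening is IPv4-only
        elif port not in allowed_ports:
            ipv4_not_in_policy.add(port)  # listener the policy does not open
    return {"ipv4_not_in_policy": sorted(ipv4_not_in_policy),
            "ipv6_listeners": sorted(ipv6_listeners)}


if __name__ == "__main__":
    print(audit(SAMPLE_SS, ALLOWED_PORTS))
```

Ports under `ipv6_listeners` need a separate control because the policy does not reach them; ports under `ipv4_not_in_policy` are services to close or to add to the policy before it is synchronized to the host.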
On the top navigation bar, click Services.
From the left navigation pane, select Security > Port Policies.
Click Add.
Configure the parameters as described in "Parameters."
Click OK.
On the top navigation bar, click Services.
From the left navigation pane, select Security > Port Policies.
Click Edit in the Actions column for a port policy.
Edit the parameters as needed.
Click OK.
On the top navigation bar, click Services.
From the left navigation pane, select Security > Port Policies.
Click Delete in the Actions column for a port policy.
In the dialog box that opens, click OK.
You cannot delete the default service node policy or management node policy.
On the top navigation bar, click Services.
From the left navigation pane, select Security > Port Policies.
Select the target port policies, and then click Delete on top of the port policy list.
In the dialog box that opens, click OK.
On the top navigation bar, click Services.
From the left navigation pane, select Security > Port Policies.
Click the toggle button next to Port Hardening.
In the dialog box that opens, click OK.
On the top navigation bar, click Services.
From the left navigation pane, select Security > Port Policies.
Click the toggle button next to Port Hardening.
In the dialog box that opens, click OK.
Perform this task to deploy a port policy to a host and enable the specified ports on that host.
On the top navigation bar, click Services.
From the left navigation pane, select Security > Port Policies.
Click Associate Host in the Actions column for a port policy.
Select a host, and then click OK.
After you add a host to a port policy, the port policy will be applied to that host and the specified ports will be open. You can associate a port policy with all hosts, all management nodes, all service nodes, or the selected hosts.
On the top navigation bar, click Services.
From the left navigation pane, select Security > Port Policies.
Select a port policy, and then click Add next to the Associated Hosts field.
Select a host, and then click OK.
You cannot remove the association between the hosts and their associated default service node policy or management node policy.
On the top navigation bar, click Services.
From the left navigation pane, select Security > Port Policies.
Select a port policy, click Remove next to the Associated Hosts field, and then click Remove in the Actions column for a host in the associated host list.
In the dialog box that opens, click OK.
If a port policy is associated with multiple hosts, you can perform this task to bulk remove the association between that port policy and the target hosts. You cannot remove the association between the hosts and their associated default service node policy or management node policy.
On the top navigation bar, click Services.
From the left navigation pane, select Security > Port Policies.
Select the target port policy, select the target hosts in the associated host list, and then click Remove next to the Associated Hosts field.
In the dialog box that opens, click OK.
If a port policy changes, you can perform this task to synchronize that policy to the target associated hosts.
On the top navigation bar, click Services.
From the left navigation pane, select Security > Port Policies.
Select a port policy, select the target hosts in the associated host list, and then click Sync next to the Associated Hosts field.
Perform this task for the system to re-deploy a port policy to a host if the system fails to deploy the port policy to that host.
On the top navigation bar, click Services.
From the left navigation pane, select Security > Port Policies.
Select a port policy in the port policy list, select a host in the associated host list, and then click Repair next to the Associated Hosts field.
Wait for the system to complete repairing the host. The system will display a message that the target host has been repaired successfully.
Name: Specify a port policy name. The value can contain only Chinese characters, letters, digits, hyphens (-), underscores (_), spaces, and dots (.), and cannot contain only spaces.