Cisco Expressway Maintenance Manual
By default, access via HTTPS and SSH is enabled. For optimum security, disable HTTPS and SSH and use
the serial port to manage the system. Because access to the serial port allows the password to be reset, we
recommend that you install the Expressway in a physically secure environment.
HTTP Strict Transport Security (HSTS)
HTTP Strict Transport Security (HSTS) provides a mechanism where a web server forces a web browser to
communicate with it using secure connections only.
As of October 2012, this mechanism is supported by the following browsers:
- Chrome, versions 4.0.211.0 and later
- Firefox, versions 4 and later
When HSTS is enabled, a browser that supports HSTS will:
- Automatically turn any insecure links to the website into secure links (for example,
  http://example.com/page/ is modified to https://example.com/page/ before accessing the
  server).
- Only allow access to the server if the connection is secure (for example, the server's TLS certificate is
  valid, trusted and not expired).
Browsers that do not support HSTS will ignore the Strict-Transport-Security header and work as before. They
will still be able to access the server.
Note that compliant browsers only respect Strict-Transport-Security headers if they access the server
through its fully qualified name (rather than its IP address).
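The following sketch models the browser-side behaviour described above: the header is honoured only over HTTPS and only for a host name, and later http:// links to that host are rewritten. It is an added example, not Cisco's code; the class and function names are hypothetical, and it tracks exact host names only (includeSubDomains is not modelled).

```python
# Added example: HstsStore, parse_max_age and is_ip_literal are hypothetical names.
import ipaddress
from urllib.parse import urlsplit, urlunsplit

def parse_max_age(value):
    """Return max-age (seconds) from a Strict-Transport-Security value, else None."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        arg = arg.strip().strip('"')
        if name.strip().lower() == "max-age" and arg.isdecimal():
            return int(arg)
    return None

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

class HstsStore:
    """Hosts a compliant browser has pinned to HTTPS: hostname -> expiry time."""

    def __init__(self):
        self.expiry = {}

    def note_response(self, url, headers, now):
        """Record the policy from one response; return True if it was honoured."""
        parts = urlsplit(url)
        value = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
        # Ignored when sent over plain HTTP or when the host is an IP address.
        if parts.scheme != "https" or not parts.hostname or is_ip_literal(parts.hostname) or value is None:
            return False
        max_age = parse_max_age(value)
        if max_age is None:
            return False
        if max_age == 0:
            self.expiry.pop(parts.hostname, None)  # max-age=0 clears the policy
        else:
            self.expiry[parts.hostname] = now + max_age
        return True

    def upgrade(self, url, now):
        """Rewrite an http:// link to https:// if its host has a live policy."""
        parts = urlsplit(url)
        if parts.scheme != "http" or self.expiry.get(parts.hostname, 0) <= now:
            return url
        netloc = parts.hostname if parts.port in (None, 80) else parts.netloc
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```

An administrator who reaches the web interface by IP address therefore gets no HSTS protection from the browser, even when the header is being sent.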
Configuring SNMP settings
The SNMP page (System > SNMP) is used to configure the Expressway's SNMP settings.
Tools such as Cisco TMS or HP OpenView may act as SNMP Network Management Systems (NMS). They
allow you to monitor your network devices, including the Expressway, for conditions that might require
administrative attention.
The information made available by the Expressway includes the following:
- system uptime
- system name
- location
- contact
- interfaces
- disk space, memory, and other machine-specific statistics
By default, SNMP is Disabled. To allow the Expressway to be monitored by an SNMP NMS
(including Cisco TMS), you must select an alternative SNMP mode. The configurable options are:
Cisco Expressway Administrator Guide (X8.2)