Cisco Cisco Email Security Appliance C190 テクニカルリファレンス
3-66
CLI Reference Guide for AsyncOS 9.6 for Cisco Email Security Appliances
Chapter 3 The Commands: Reference Examples
General Management/Administration/Troubleshooting
•
Delete all existing allowed proxy IP addresses
•
Configure the header name that contains origin IP address
•
Enable or disable web interface Cross-Site Request Forgeries protection
•
Check whether web interface Cross-Site Request Forgeries protection is enabled
•
Configure web interface session timeout
•
Configure CLI session timeout
Example - Configuring Network Access List
You can control from which IP addresses users access the Email Security appliance. Users can access
the appliance from any machine with an IP address from the access list you define. When creating the
network access list, you can specify IP addresses, subnets, or CIDR addresses.
the appliance from any machine with an IP address from the access list you define. When creating the
network access list, you can specify IP addresses, subnets, or CIDR addresses.
AsyncOS displays a warning if you do not include the IP address of your current machine in the network
access list. If your current machine’s IP address is not in the list, it will not be able to access the appliance
after you commit your changes.
access list. If your current machine’s IP address is not in the list, it will not be able to access the appliance
after you commit your changes.
In the following example, network access to the appliance is restricted to two sets of IP addresses:
mail.example.com> adminaccessconfig
Choose the operation you want to perform:
- BANNER - Configure login message (banner) for appliance administrator login.
- WELCOME - Configure welcome message (post login message) for appliance administrator
login.
- IPACCESS - Configure IP-based access for appliance administrative interface.
- CSRF - Configure web UI Cross-Site Request Forgeries protection.
- HOSTHEADER - Configure option to use host header in HTTP requests.
- TIMEOUT - Configure GUI and CLI session inactivity timeout.
[]> ipaccess
Current mode: Allow All.
Please select the mode:
- ALL - All IP addresses will be allowed to access the administrative interface.
- RESTRICT - Specify IP addresses/Subnets/Ranges to be allowed access.
- PROXYONLY - Specify IP addresses/Subnets/Ranges to be allowed access through proxy.
adminaccessconfig ipaccess proxylist clear
adminaccessconfig ipaccess proxy-header <header name>
adminaccessconfig csrf <enable|disable>
adminaccessconfig csrf print
adminaccessconfig timeout gui <value>
adminaccessconfig timeout gui <value>