ntls ipcheck enable

Enable client source IP address validation by NTLS upon an NTLA client connection. The checking is enabled by default. The best security of your client-to-SA link is in force when ipcheck remains enabled. Keep it enabled if you have do not have network address translation (NAT) between your client(s) and the Luna Network HSM 7 appliance, or other situations where the ipcheck interferes with operation.

NOTE If the client certificate was created and registered to the appliance using a hostname that can be resolved by the DNS, ntls ipcheck performs a DNS lookup using the registered hostname and compares the resolved IP to the source IP. In this case, ipcheck succeeds even if the client's actual IP changes.

User Privileges

Users with the following privileges can perform this command:

>Admin

>Operator

Syntax

ntls ipcheck enable

Example

lunash:>ntls ipcheck enable
NTLS client source IP validation enabled

Command Result : 0 (Success)



	SUPPORT	LEGAL
Luna Network HSM 7 Documentation © Copyright 2001-2024, Thales Group Last Updated: 2024-05-03 15:32:49 GMT-04:00	Customer Release Notes Customer Support Portal Support Contacts	End User License Agreement Third Party Software Licenses Document Information