
Nortel Switched Firewall Browser-Based Interface Users Guide
Introduction 13
216383-D October 2005
Enabling the BBI
You can enable the BBI for HTTP, HTTP and HTTPS, or you can fully disable the BBI.

TIP: The default setting for the BBI is enabled for HTTP access and disabled for HTTPS access.

NOTE – HTTP is not a secure protocol. All data (including passwords) between an HTTP
client and the Nortel Switched Firewall is not encrypted and is subject only to weak
authentication. If secure remote access is required, use HTTPS.

To explicitly allow remote BBI access, enter the following commands in the CLI:

To enable HTTP access:

    >> # /cfg/sys/adm/web/http/ena

To enable HTTPS access using SSL:

    >> # /cfg/sys/adm/web/ssl/ena

Generating a temporary certificate if using HTTPS

An SSL server certificate is required for HTTPS access to the BBI. The Firewall can generate
a temporary, self-signed certificate. Use the following commands to create a default certificate:

    >> SSL configuration# certs/serv/gen <Name> <Country code> <Key size>
    Do you want to generate a self-signed certificate with the generated
    Key? y

where Name is the common name that appears on the certificate, Country code is a two-letter
code (US for the United States of America, CA for Canada, JP for Japan, and so on), and Key
size is 512, 1024, or 2048 bits. For example:

    >> SSL configuration# certs/serv/gen Nortel US 1024

NOTE – When you log in to the BBI with the temporary certificate, you are warned that the
certificate is not signed or authenticated. Permit use of the temporary certificate only during
initial configuration, where the system is not attached to active networks that can be a source
of attack. Install a signed and authenticated certificate prior to connecting any untrusted
network.
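
Added example (not part of the Nortel guide): a Python check that replays a captured CLI setup session against the defaults stated above and reports the conditions the two NOTEs warn about. The `dis` counterpart to `ena`, the 2048-bit threshold, the function name and the sample transcript are assumptions of this example.

```python
import re

# Defaults stated in the guide: HTTP access enabled, HTTPS access disabled.
DEFAULTS = {"http": True, "ssl": False}
# "ena" is from the guide; "dis" as its counterpart is an assumption here.
TOGGLE = re.compile(r"/cfg/sys/adm/web/(http|ssl)/(ena|dis)\b")
# certs/serv/gen <Name> <Country code> <Key size>, matching literal values only.
GEN = re.compile(r"certs/serv/gen\s+(\S+)\s+([A-Za-z]{2})\s+(\d+)\b")
MIN_BITS = 2048  # assumed policy threshold, not a value from the guide

def audit_session(transcript):
    """Replay a CLI transcript; return (web_access_state, findings)."""
    state = dict(DEFAULTS)
    temp_cert = None
    for line in transcript.splitlines():
        toggle = TOGGLE.search(line)
        if toggle:
            state[toggle.group(1)] = toggle.group(2) == "ena"
            continue
        gen = GEN.search(line)
        if gen:
            temp_cert = {"name": gen.group(1), "bits": int(gen.group(3))}
    findings = []
    if state["http"]:
        findings.append("HTTP enabled: BBI passwords are sent unencrypted")
    if not state["ssl"]:
        findings.append("HTTPS disabled: no encrypted access to the BBI")
    if temp_cert:
        findings.append("temporary self-signed certificate CN=%s: install a "
                        "signed certificate before connecting untrusted "
                        "networks" % temp_cert["name"])
        if temp_cert["bits"] < MIN_BITS:
            findings.append("certificate key is %d bits, below %d"
                            % (temp_cert["bits"], MIN_BITS))
    return state, findings

# Constructed sample session (not a capture from a real device).
SAMPLE = """\
>> # /cfg/sys/adm/web/ssl/ena
>> SSL configuration# certs/serv/gen Nortel US 1024
Do you want to generate a self-signed certificate with the generated
Key? y
"""

if __name__ == "__main__":
    state, findings = audit_session(SAMPLE)
    print(state)
    for finding in findings:
        print("FINDING:", finding)
```
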