ntls ipcheck enable
Enable client source IP address validation by NTLS upon an NTLA client connection. The checking is enabled by default. The best security of your client-to-SA link is in force when ipcheck remains enabled. Keep it enabled if you have do not have network address translation (NAT) between your client(s) and the Luna Network HSM 7 appliance, or other situations where the ipcheck interferes with operation.
NOTE If the client certificate was created and registered to the appliance using a hostname that can be resolved by the DNS, ntls ipcheck performs a DNS lookup using the registered hostname and compares the resolved IP to the source IP. In this case, ipcheck succeeds even if the client's actual IP changes.
User Privileges
Users with the following privileges can perform this command:
>Admin
>Operator
Syntax
ntls ipcheck enable
Example
lunash:>ntls ipcheck enable
NTLS client source IP validation enabled Command Result : 0 (Success)