ntls ipcheck enable

Enable client source IP address validation by NTLS upon an NTLA client connection. The checking is enabled by default. The best security of your client-to-SA link is in force when ipcheck remains enabled. Keep it enabled if you do not have network address translation (NAT) between your client(s) and the Luna Network HSM 7 appliance, or any other situation where ipcheck interferes with operation.

NOTE   If the client certificate was created and registered to the appliance using a hostname that can be resolved by the DNS, ntls ipcheck performs a DNS lookup using the registered hostname and compares the resolved IP to the source IP. In this case, ipcheck succeeds even if the client's actual IP changes.
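The following is an added example, not Thales code and not part of the original page: a preflight model of the comparison described above, to predict which registered clients would be rejected while ipcheck is enabled. The function names, client names, addresses, and the rule that any resolved address may match are assumptions made for illustration.

```python
import ipaddress
import socket

def resolve_all(hostname):
    """Return every address the system resolver gives for hostname."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return set()
    return {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}

def ipcheck_would_pass(registered, source_ip, resolver=resolve_all):
    """Model of the check (an assumption, not the appliance's implementation).

    registered: IP address or hostname the client was registered with.
    source_ip:  address the appliance sees on the incoming connection.
    """
    source = ipaddress.ip_address(source_ip)
    try:
        # Registered by IP: the source address must match it exactly.
        return ipaddress.ip_address(registered) == source
    except ValueError:
        # Registered by hostname: compare against what DNS returns now.
        # Assumption: a match on any resolved address is accepted.
        return source in resolver(registered)

def preflight(clients, resolver=resolve_all):
    """Return names of clients this model predicts ipcheck would reject."""
    return [name for name, registered, source_ip in clients
            if not ipcheck_would_pass(registered, source_ip, resolver)]

# Constructed sample data (documentation address ranges, hypothetical names).
SAMPLE_DNS = {"app01.example.com": {ipaddress.ip_address("198.51.100.20")}}
SAMPLE_CLIENTS = [
    # (client name, registered as, source IP seen by the appliance)
    ("direct-ip", "192.0.2.10", "192.0.2.10"),                 # no NAT
    ("behind-nat", "192.0.2.11", "203.0.113.5"),               # NAT rewrote source
    ("dns-renumbered", "app01.example.com", "198.51.100.20"),  # DNS follows new IP
    ("dns-stale", "app01.example.com", "198.51.100.99"),       # DNS not updated
]

def sample_resolver(hostname):
    """Offline stand-in for DNS, backed by the constructed table above."""
    return SAMPLE_DNS.get(hostname, set())

if __name__ == "__main__":
    for name in preflight(SAMPLE_CLIENTS, sample_resolver):
        print("ipcheck would reject:", name)
```

Clients flagged by such a check are the ones to re-register or place on a non-translated path before relying on ipcheck.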

User Privileges

Users with the following privileges can perform this command:

>Admin

>Operator

Syntax

ntls ipcheck enable

Example

lunash:>ntls ipcheck enable
NTLS client source IP validation enabled
Command Result : 0 (Success)