LOM configuration
We recommend that the following measures are taken to secure the LOM interface:
- Do not expose the LOM port to the Internet.
- Deploy the LOM behind an SPI firewall.
- Deploy the LOM onto a network segment that is separated either logically (separate VLAN) or physically (separate LAN) from an untrusted network traffic.
- Set different user name, password, SSL-certificate, and SSL-key values for the LOM and the NetScaler management ports.
- Ensure that devices used to access the LOM management interface are exclusively dedicated to a network-management purpose and placed on a management network segment that is in the same physical LAN or VLAN as other management device ports.
- To easily identify and isolate LOM IP addresses, reserve special IP addresses (private subnets) for LOM management interfaces and management servers. Do not use reserved IP subnets with LAN interfaces of the managed NetScaler. Dynamic IP addresses assigned by DHCP are not recommended, because they make it difficult to implement firewall Access Control Lists based on a MAC address outside of the LAN segment.
- Set the password for a minimum of 8 characters, with a combination of alphanumeric and special characters. Change the password frequently.
LOM configuration
In this article
Copied!
Failed!