FS6200 Server System Implementation Guide - Public Support ...
FS6200 Server System Implementation Guide - Public Support ...
FS6200 Server System Implementation Guide - Public Support ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Sample Commands<br />
• ChangeRulesForMCP ODTRDP 10.10.100.1/192.168.100.10-192.168.100.15<br />
This command changes the Unisys ODT (TCP-In) and Remote Desktop (TCP-In)<br />
firewall rules to enable connections from IP address 10.10.100.1 and the IP address<br />
range of 192.168.100.10 through 192.168.100.15, in addition to the remote IP<br />
addresses that are already defined in those rules.<br />
On any cell other than the I/O engine, only the Remote Desktop (TCP-In) rule is<br />
affected; the Unisys ODT (TCP-In) rule does not exist on the E-mode engine, systems<br />
management engine, or JProcessor Specialty Engine cells.<br />
As stated in the preceding Syntax subsection, the Remote IP addresses in the Unisys<br />
NGAgent (TCP-In), Windows Remote Management (HTTP-In), Unisys Windows<br />
Remote Management (HTTPS-In), DFS Management (DCOM-In), and DFS<br />
Management (WMI-In) rules will also be updated.<br />
• ChangeRulesForMCP ODTRDP 10.10.100.1<br />
This command changes the Unisys ODT (TCP-In) and Remote Desktop (TCP-In)<br />
firewall rules to enable connections from IP address 10.10.100.1 only. The existing<br />
Remote IP addresses in the rules are deleted because an action parameter is not<br />
specified in the syntax.<br />
• ChangeRulesForMCP CALLHOME 192.168.1.2#192.168.1.1<br />
This command affects the Unisys Call Home (TCP-In) rule. The local IP address (host)<br />
is changed to 192.168.1.2, and the remote IP address (I/O engine) is changed to<br />
192.168.1.1.<br />
• ChangeRulesForMCP HBA 10.10.100.1/192.168.100.10-192.168.100.15 keep<br />
This command causes the Unisys Configure HBA(TCP-In) to allow connections from IP<br />
addresses 10.10.100.1 and 192.168.100.10-192.168.100.15, as well as the Remote IP<br />
addresses that are already defined in the rule.<br />
• ChangeRulesForMCP DIAG 192.168.222.11-192.168.222.19/192.168.100.10-<br />
192.168.100.15 keep<br />
This command causes the FTP <strong>Server</strong> (FTP Traffic-In) and FTP <strong>Server</strong> Passive (FTP<br />
Passive Traffic-In) rules to allow connections from IP address ranges 192.168.222.11-<br />
192.168.222.19 and 192.168.100.10-192.168.100.15, as well as the Remote IP<br />
addresses that are already configured in those rules. The Local IP address is updated<br />
with the current IP address of the systems management engine.<br />
UnisysHarden_Rollback.ps1 Script<br />
Operating the <strong>Server</strong><br />
It is not recommended that you permanently roll back the most recently applied MCP<br />
Firmware Environment Policy. However, you might need to temporarily roll back this<br />
security policy to isolate problems. For those instances, the UnisysHarden_Rollback.ps1<br />
script is provided.<br />
Ensure that you reapply the policy using the Rollback.ps1 script after you complete your<br />
troubleshooting tasks.<br />
8222 3694–000 4–17