interface harden

Description

Use the interface harden command to enable hardening for this WAN interface.

Use the no form of this command to disable hardening for this WAN interface.

Syntax

interface <interface name> harden

no interface <interface name> harden

Arguments

<interface name>

Specifies the name of this interface.

Defaults

None.

Command Mode

Global Configuration Mode

See Also

See “show interfaces”.

Usage Guidelines

WAN hardening is an option that provides additional protection against unsafe connections from remote sites. When WAN hardening is enabled, only traffic arriving from a Silver Peak IPsec tunnels is allowed to enter.

When Silver Peak appliances are deployed in Router Mode, you have the option of hardening any WAN–side interface. This means:

n	For traffic inbound from the WAN, the appliance only accepts encapsulated traffic arriving from another Silver Peak appliance, via an IPsec tunnel. All other connections are rejected.

n	For traffic outbound to the WAN, the appliance only allows IPsec tunnel packets and management traffic.

n	Any data from the internet that gets backhauled via a Silver Peak IPSec tunnel will reach its destination at the hardened sites. This allows for integration with other security tools, such as firewalls, at the data center.

n	Data sourced directly from the internet, or any other connection that doesn’t flow through a Silver Peak IPsec tunnel, is discarded when it hits the hardened interface. Only data from authenticated Silver Peak IPsec tunnels is allowed to pass across a hardened interface.

Examples

None.

Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com.