
Hardening Comware 5 Devices

I recently had to harden some Comware 5 devices, restrict access to SSH & HTTPS, and use ACLs to protect the VTY interfaces.

There are some guides available from HP:



I recommend that you follow the above guides to ensure the device is correctly hardened. Below is a quick cheat guide for some of the concepts.

Restrict access to encrypted sessions only 

- Only allow HTTPS and SSH, which means disabling Telnet & HTTP.

How to disable HTTP and Telnet
undo ip http enable
undo telnet server enable

How to enable HTTPS and SSH
ip https enable
ssh server enable

Allow only SSH on the VTY interfaces
user-interface vty 0 4
 protocol inbound ssh

Use an ACL to restrict SSH & HTTPS access from specific hosts & networks

I would always recommend restricting access using an ACL, especially if your device is public facing.

First, create an ACL, and configure the hosts or networks that you want to allow access from. The example below enables connections from the host 1.2.3.4, and from the networks 10.0.0.0/8 and 192.168.0.0/16.

acl number 2050
 rule 5 permit source 1.2.3.4 0
 rule 10 permit source 10.0.0.0 0.255.255.255
 rule 15 permit source 192.168.0.0 0.0.255.255

Then apply your ACL to HTTPS and SSH sessions.

ip https acl 2050
user-interface vty 0 4
 acl 2050 inbound
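
One way to check a saved configuration against the settings above, as an added Python example (not part of the original guide or any HP tooling). The names `audit`, `vty_blocks` and `SAMPLE_CONFIG` are chosen here, the sample text is constructed, and the script only looks at lines that are explicitly present, so it assumes nothing about platform defaults.

```python
import re

# Constructed sample shaped like a saved Comware 5 configuration (not from a real device).
SAMPLE_CONFIG = """\
 telnet server enable
 ip https enable
#
user-interface vty 0 4
 acl 2050 inbound
 protocol inbound ssh
user-interface vty 5 15
 protocol inbound all
"""

def vty_blocks(lines):
    """Map each 'user-interface vty' header to the indented lines under it."""
    blocks, current = {}, None
    for raw in lines:
        if raw.startswith("user-interface vty"):
            current = raw.strip()
            blocks[current] = []
        elif current and raw[:1].isspace():
            blocks[current].append(raw.strip())
        else:
            current = None  # '#' separator or another section ends the block
    return blocks

def audit(config):
    """Return findings; an empty list means every check from this page passed."""
    lines = [l for l in config.splitlines() if l.strip()]
    stmts = {l.strip() for l in lines}
    findings = []
    for bad in ("telnet server enable", "ip http enable"):
        if bad in stmts:  # exact match, so 'undo ...' lines are not flagged
            findings.append(f"cleartext service enabled: {bad}")
    for need in ("ssh server enable", "ip https enable"):
        if need not in stmts:
            findings.append(f"missing: {need}")
    if not any(re.fullmatch(r"ip https acl \d+", s) for s in stmts):
        findings.append("missing: ip https acl <number>")
    for header, body in vty_blocks(lines).items():
        if "protocol inbound ssh" not in body:
            findings.append(f"{header}: not restricted to SSH")
        if not any(re.fullmatch(r"acl \d+ inbound", s) for s in body):
            findings.append(f"{header}: no inbound ACL")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "all checks passed")
```

The sample deliberately leaves a second VTY range (5 15) unprotected, which is easy to miss when only `vty 0 4` is configured.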