IP Filter

IP filtering uses a whitelist: only clients whose IP addresses are on the list may open a session in the HSM. If IP filtering is enabled, any attempt to connect or open a session from a source IP address not on the list will be denied. When filtering is disabled, the list is ignored.

In addition to filtering connections to the HSM by source IP address, it is also possible to filter by user, i.e. determine that a given user can only open a session with the HSM when they have a given source IP address.

The IP addresses entered must be host IPs; subnet IPs are not accepted.

The syntax for creating filter entries is [usr@]{ip}, where usr is the name of the HSM user and ip is the authorized source IP address for the user. The character @ is used as a separator.

Note that the list is inclusive, meaning that if a user's connection attempt comes from a source IP that is not on the list of entries in the enabled filter, the connection is denied. The IP filter is intended for client sessions and does not cover connections between replicating HSMs.
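The following pre-check for a planned entry list is an added example, not code from the HSM or its vendor: it validates the [usr@]{ip} syntax, rejects subnet notation, and models the allow/deny decision described above. The function names, the sample entries, the acceptance of IPv6 literals, and the rule that an entry without usr authorizes any user from that IP are assumptions.

```python
import ipaddress

def parse_entry(entry):
    """Parse one '[usr@]{ip}' entry into (user_or_None, ip_address)."""
    user, sep, host = entry.strip().rpartition("@")
    if sep and not user:
        raise ValueError(f"empty user name before '@': {entry!r}")
    if "/" in host:
        raise ValueError(f"subnet not accepted, host IP required: {entry!r}")
    try:
        # Assumption: any IPv4/IPv6 literal counts as a host IP here.
        ip = ipaddress.ip_address(host)
    except ValueError:
        raise ValueError(f"not a host IP address: {entry!r}") from None
    return (user or None, ip)

def load_filter(lines):
    """Split a planned list into valid entries and rejected lines with reasons."""
    entries, rejected = [], []
    for line in lines:
        try:
            entries.append(parse_entry(line))
        except ValueError as exc:
            rejected.append((line, str(exc)))
    return entries, rejected

def is_allowed(entries, user, source_ip, enabled=True):
    """Model of the decision: deny unless an entry matches (inclusive list)."""
    if not enabled:
        return True  # filtering disabled: the list is ignored
    src = ipaddress.ip_address(source_ip)
    # Assumption: an entry with no usr part matches every user from that IP.
    return any(ip == src and usr in (None, user) for usr, ip in entries)

# Constructed sample list: two valid entries and three that must be rejected.
SAMPLE = ["10.0.0.5", "alice@10.0.0.7", "10.0.1.0/24", "@10.0.0.9", "bob@hsm-client"]

if __name__ == "__main__":
    entries, rejected = load_filter(SAMPLE)
    for line, reason in rejected:
        print("REJECTED", reason)
    for user, ip in [("bob", "10.0.0.5"), ("bob", "10.0.0.7"), ("alice", "10.0.0.7")]:
        print(user, ip, "allow" if is_allowed(entries, user, ip) else "deny")
```

Running a planned list through such a check before enabling the filter shows which entries would be refused and which client sessions would be locked out.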

IP filter configuration
