Harden webgui of CIMC - Standalone C series

mag2suban
Level 1

Is there any way to harden access to the webgui of CIMC of a standalone C series server, say C220?

Appreciate inputs!

6 Replies

Keny Perez
Level 8

Hi,

I have not heard of any specific procedure, but do you have any specific feature you may be thinking about? I might be able to tell you if there is something like that or see if at least there is an enhancement request.

-Kenny

We need to access the CIMC over the internet for some remote servers (like we did DRAC, ILO in past) and they are in standalone mode... no UCSM hook in... need to lock down/harden access of CIMC as far as possible, especially web... saw some IP blocking feature... more like thwart brute force I guess... but nothing more... restricting source IPs seems more of a UCSM thing I guess... please correct if amiss!

Any features to harden web access to CIMC appreciated for standalone servers... enablement of hardening can be from CLI also or any means

Appreciate

There is IP Blocking built into the system, but it doesn't appear to do what you need, though the User Guide kinda contradicts this:

http://www.cisco.com/en/US/docs/unified_computing/ucs/c/sw/gui/config/guide/1.5/b_Cisco_UCS_C-series_GUI_Configuration_Guide.151_chapter_01000.html#concept_AC4EC4E9FA3F4536A26BAD49734F23D0

IP blocking prevents the connection between a server or website and certain IP addresses or ranges of addresses. IP blocking effectively bans undesired connections from those computers to a website, mail server, or other Internet servers.

If WAN access needs to be hardened properly you'll want to use a firewall or ACLs to really be secured. 

Let me look into whether or not we're adding IP filtering in a future release.

Regards,

Robert

Appreciate!... I did however think IP blocking for standalone was more as lockout for brute force... and yes the manual is ambivalent... maybe it talks about UCSM based management pool access... which is not the case for standalone!

So yes, really left wondering... ACLs at network level was something we consider as a frontline but also wanted something at host level...

gsharma4
Level 1

Hi,

Please find the below link. Hope it would help you.

http://www.cisco.com/en/US/docs/unified_computing/ucs/release/notes/OL-26648-01.html

Regards,

Gaurav

Is there something specific in this that helps with my question... am I amiss? Appreciate inputs
