I recently had to harden some Comware 5 devices, restricted access to SSH & HTTPS, and use ACL's to protect the VTY interfaces.
There are some guides available from HP:
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c03536920
https://www.hpe.com/h20195/v2/getpdf.aspx/4AA4-4160ENW.pdf?ver=2
I recommend that you follow the above guides to ensure the device is correctly hardened, below is a quick cheat guide for some of the concepts.
Restrict access to encrypted sessions only
- to only allow HTTPS and SSH, so basically disable Telnet & HTTP.
How to disable HTTP and Telnet
undo ip http server enableundo telnet server enableHow to enable HTTPS and SSH
ip https enablessh server enableRestrict SSH only on VTY interface
user-interface vty 0 4protocol inbound sshUse an ACL to restrict SSH & HTTPS access from specific hosts & networks
I would always recommend restricting access using an ACL, especially if your device is public facing.
First, create an ACL, and configure the hosts or networks that you want to allow access from. The example below, enables connections from the host 1.2.3.4, and from the networks 10.0.0.0/8 and 192.168.0.0/16
acl number 2050 rule 5 permit source 1.2.3.4 0 rule 10 permit source 10.0.0.0 0.255.255.255 rule 15 permit source 192.168.0.0 0.0.255.255Then apply your ACL's to https and ssh sessions.
ip https acl 2050user-interface vty 0 4 acl 2050 inbound