<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD><META http-equiv="Content-Type" content="text/html; charset=utf-8">
<TITLE>Configuring Management Central Connections for Firewall Environments</TITLE>
<meta name="Copyright" content="Copyright (c) 2004 by IBM Corporation">
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<LINK rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</HEAD>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<img height="38" src="mastertitlesmall.gif" width="291" alt="">
<A NAME="Top_Of_Page"></A>
<table width="100%">
<TBODY>
<TR>
<td><A NAME="HDRPARENT"></A>
<H2>Configuring Management Central Connections for Firewall Environments</H2>
<P>This report details Management Central connections
and the configurations required to enable
Management Central to operate within a variety
of firewall environments as of v5r3. As a
distributed management application, Management
Central requires numerous incoming and outgoing
TCP/IP socket connections. In contrast, the
basic premise of a firewall is to restrict/modify
incoming and outgoing connections. To assist
in configuring Management Central within
a firewall environment, this report discusses
the nature and orientation of Management
Central connections and the restrictions
of specific types of firewalls that limit
or disable some Management Central connections.
Both Static Network Address Translation (NAT)
and Dynamic NAT will be discussed. Three
basic firewall environments will be described
along with the configuration required to
enable Management Central to operate properly
within each environment. These basic environments
and associated configurations are intended
to be used as a guide to enable Management
Central in more complex firewall environments.</P>
<BLOCKQUOTE>
<P><STRONG>Terminology</STRONG> <BR>
Defines important terms that will be used throughout this report.<BR><BR>
<STRONG>Management Central Connections</STRONG> <BR>
Describes the different connections that are made between the Graphical Client
and the Management Central servers. Groups the applications by those that use each
of the connections.<BR>
<BR>
<STRONG>Management Central Firewall Quick Reference</STRONG> <BR>
A chart listing the ports that need to be
opened in your firewalls in order to get
Management Central to work in a simple case
(not valid if network address translation
is being used).<BR>
<BR>
<STRONG>Management Central Limitations due to Network
Address Translation</STRONG> <BR>
Describes static and dynamic network address
translation and how these types of address
translation affect Management Central.<BR>
<BR>
<STRONG>Scenario 1 - Graphical Client Protected by
a Firewall</STRONG><BR>
Details configuration required to enable
Management Central when the Graphical Client
is protected by a firewall from the rest
of the network.<BR>
<BR>
<STRONG>Scenario 2 - Central System Protected by
a Firewall</STRONG> <BR>
Details configuration required to enable
Management Central when the Central System
and Endpoint System Servers are protected
by a common firewall from Graphical Clients
and the rest of the network.<BR>
<BR>
<STRONG>Scenario 3 - Endpoint Systems Protected by
a Firewall</STRONG> <BR>
Details configuration required to enable
Management Central when the Endpoint System
Servers are protected by a common firewall
from the Central System, Source System and
the rest of the network.<BR>
</P>
</BLOCKQUOTE>
</td>
<td><img src="icblank.gif" alt=""></td>
<td VALIGN=top nowrap=""><FONT SIZE=2><b>View this report</b><br>
<img src="filetype.gif" alt=""><a href="mcfirewall.pdf" target="_">PDF version</a> (426 KB)<br>(Web only)</font>
<p><FONT size="2"><b>Authors</b><br>
Andy Streit<br>
Brad Behle<br>
</FONT>
<p><FONT size="2"><b>Published date</b><br>
May 2004</FONT>
</td>
</TR>
</TBODY>
</table>
</BODY>
</HTML>