Configuring Management Central Connections for Firewall Environments

This report details Management Central connections and the configurations required to enable Management Central to operate within a variety of firewall environments as of v5r3. As a distributed management application, Management Central requires numerous incoming and outgoing TCP/IP socket connections. In contrast, the basic premise of a firewall is to restrict or modify incoming and outgoing connections. To assist in configuring Management Central within a firewall environment, this report discusses the nature and orientation of Management Central connections and the restrictions of specific types of firewalls that limit or disable some Management Central connections. Both Static Network Address Translation (NAT) and Dynamic NAT are discussed. Three basic firewall environments are described, along with the configuration required to enable Management Central to operate properly within each environment. These basic environments and their associated configurations are intended as a guide for enabling Management Central in more complex firewall environments.

Terminology
Defines important terms that will be used throughout this report.

Management Central Connections
Describes the different connections that are made between the Graphical Client and the Management Central servers. Groups the applications by the connections they use.

Management Central Firewall Quick Reference
A chart listing the ports that need to be opened in your firewalls for Management Central to work in a simple case (not valid if network address translation is being used).

Management Central Limitations due to Network Address Translation
Describes static and dynamic network address translation and how these types of address translation affect Management Central.

Scenario 1 - Graphical Client Protected by a Firewall
Details the configuration required to enable Management Central when the Graphical Client is protected by a firewall from the rest of the network.

Scenario 2 - Central System Protected by a Firewall
Details the configuration required to enable Management Central when the Central System and Endpoint System Servers are protected by a common firewall from Graphical Clients and the rest of the network.

Scenario 3 - Endpoint Systems Protected by a Firewall
Details the configuration required to enable Management Central when the Endpoint System Servers are protected by a common firewall from the Central System, Source System and the rest of the network.

Authors
Andy Streit
Brad Behle

Published date
May 2004