Configuring Management Central Connections for Firewall Environments
This report details Management Central connections
and the configurations required to enable
Management Central to operate within a variety
of firewall environments as of v5r3. As a
distributed management application, Management
Central requires numerous incoming and outgoing
TCP/IP socket connections. In contrast, the
basic premise of a firewall is to restrict/modify
incoming and outgoing connections. To assist
in configuring Management Central within
a firewall environment, this report discusses
the nature and orientation of Management
Central connections and the restrictions
of specific types of firewalls that limit
or disable some Management Central connections.
Both Static Network Address Translation (NAT)
and Dynamic NAT will be discussed. Three
basic firewall environments will be described
along with the configuration required to
enable Management Central to operate properly
within each environment. These basic environments
and associated configurations are intended
to be used as a guide to enable Management
Central in more complex firewall environments.
Terminology
Defines important terms that will be
used
throughout this report.
Management Central Connections
Describes the different connections
that
are made between the Graphical Client
and
the Management Central servers. Groups
the
applications by those that use each
of the
connections.
Management Central Firewall Quick Reference
A chart listing the ports that need to be
opened in your firewalls in order to get
Management Central to work in a simple case
(not valid if network address translation
is being used).
Management Central Limitations due to Network
Address Translation
Describes static and dynamic network address
translation and how these types of address
translation affect Management Central.
Scenario 1 - Graphical Client Protected by
a Firewall
Details configuration required to enable
Management Central when the Graphical
Client
is protected by a firewall from the
rest
of the network.
Scenario 2 - Central System Protected by
a Firewall
Details configuration required to enable
Management Central when the Central
System
and Endpoint System Servers are protected
by a common firewall from Graphical
Clients
and the rest of the network.
Scenario 3 - Endpoint Systems Protected by
a Firewall
Details configuration required to enable
Management Central when the Endpoint
System
Servers are protected by a common firewall
from the Central System, Source System
and
the rest of the network.
|
|
View this report
PDF version (426 KB) (Web only)
Authors
Andy Streit
Brad Behle
Published date
May 2004
|