A repost...
Cordially,
Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
Detroit
NV-L@UCSBVM.UCSB.EDU on 08/24/98 01:16:58 PM
Please respond to NV-L@UCSBVM.UCSB.EDU
To: NV-L@UCSBVM.UCSB.EDU
cc:
Subject: Re: NV V5 - Firewall/Routing table -Reply
We are also using NetView to manage devices that are external to our
firewall. As far as I know, NetView is not aware that address translation
is going on at all. It will only see the "real" IP addresses and networks.
You will need to define an address for your NetView server, as Hal
mentioned, so that the devices outside the firewall can communicate with
the
NetView box for things like sending traps, etc. The biggest problem we had
implementing network management was that a lot of static routes had to be
added. NetView needs a route to every IP subnet just so it can ping the IP
addresses on the router interfaces. The actual user traffic flowing
through
your firewall network only needs routes to get from one end to the other.
It does not need a route for every hop in between, so you will need to add
more routes if you want NetView to be able to monitor every device and
interface.
-----Original Message-----
From: Hal Dorsman [SMTP:DORSMANH@SPH.HBOCVAN.COM]
Sent: Monday, August 24, 1998 11:41
To: NV-L@UCSBVM.UCSB.EDU
Subject: NV V5 - Firewall/Routing table -Reply
Netview can handle external networks/hosts through a firewall just
fine.
Simply define a route on your Netview box to the external network
with
your firewall as the gateway. Define a translated address for your
Netview box on your firewall so it can be seen from the outside.
Your
external router will have to have the address of your Netview
station
with your firewall as your gateway so your router will know how to
find
your internal Netview box. Add a rule in your firewall allowing
SNMP
from your external networks to your translated address for your
Netview station. Add a rule allowing SNMP out from your Netview
box
to
your external networks.
You didn't say what firewall, but I am using Checkpoint Firewall-1
and am
running Netview through it to monitor several remote frame-relay
WAN
sites. Works great.
Let me know if you have any problems.
Hal Dorsman
Network Adminstrator
Saint Patrick Hospital
Missoula, Montana, USA
>>> "Kirsten S, Campbell" <Kirsten.Campbell@NAUTEC.CWPLC.COM>
08/24/98 10:50am >>>
All (Could someone please send me an ACK if they receive this),
We are installing firewalls, and will now have to monitor
external
customers networks.
My question is: How do Netview cope with the routing tables,
when
we
are doing address translation in the Firewall??
Will Netview try and link "address translated"
objects with
the "real" objects, using the router table in the "address
translated"
object???
Thanks for any help given.
Kirsten
|