Re: MLM's and Firewalls

To: nv-l@lists.tivoli.com
Subject: Re: MLM's and Firewalls
From: Jane Curry <jane.curry@skills-1st.co.uk>
Date: Mon, 23 Apr 2001 07:58:42 +0100
We have tried this.  We wanted both monitoring and discovery through a
packet-filtering firewall.  We hoped to be able to JUST open udp/161 and
udp/162, and monitor devices using SNMP from NetView and/or using ping from
MLM - i.e. ping was blocked at the firewall.

Tracing what happened, the MLM discovered devices on its own side of the
firewall and sent that info to NetView via UDP/161 - OK so far.
Unfortunately, NetView will not admit those devices into the object database
until it has succeeded in ping'ing them (which it cannot do).  We watched the
MLM-discovered devices just going further down the NetView ping-poll queue.

So, the answer to your question, if you want status and discovery, is that you
need to open the SNMP ports (with unrestricted high port access for the
"source" port), AND ping.

Anyone else with experience in this area - I'd love to share stories.  MLM
seems like the right architectural solution to solve many of these firewall
issues, but it's not quite there yet....


reamd@Nationwide.com wrote:

> Hello All,
>                 Can anyone tell me what ports need to be enabled through
> the firewall for MLM's and Netview communications?  Thanks in advance for
> your response..

Tivoli Certified Enterprise Consultant & Instructor
Skills 1st Limited, 2 Cedar Chase, Taplow, Bucks, SL6 0EU, UK
Tel: +44 (0)1628 782565
Copyright (c) 2001 Jane Curry <jane.curry@skills-1st.co.uk>.  All rights
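
The following is an added example, not part of the original post and not Tivoli code: a small model of a stateless packet filter that shows which flows survive under the rule sets discussed above. The flow directions, the port numbers 40001/40002 and the rule-set names are assumptions made for illustration.

```python
from collections import namedtuple

# direction: "out" = NetView side -> MLM side, "in" = the reverse (assumed layout).
Pkt = namedtuple("Pkt", "name proto direction sport dport")
Rule = namedtuple("Rule", "proto direction sport dport")  # None = any, "high" = 1024-65535

def port_ok(want, port):
    if want is None:
        return True
    if want == "high":
        return port is not None and 1024 <= port <= 65535
    return port == want

def permitted(rules, pkt):
    """Stateless packet filter: default deny, each packet judged on its own."""
    return any(r.proto == pkt.proto and r.direction == pkt.direction
               and port_ok(r.sport, pkt.sport) and port_ok(r.dport, pkt.dport)
               for r in rules)

# Too strict: source port pinned to the service port as well.
PINNED = [Rule("udp", "out", 161, 161), Rule("udp", "in", 161, 161),
          Rule("udp", "in", 162, 162)]
# SNMP only, with high source ports and matching replies; ping still blocked.
SNMP_ONLY = [Rule("udp", "out", "high", 161), Rule("udp", "in", 161, "high"),
             Rule("udp", "in", "high", 162)]
# What the post concludes is needed: SNMP plus ping.
SNMP_AND_PING = SNMP_ONLY + [Rule("icmp", "out", None, None),
                             Rule("icmp", "in", None, None)]

# Constructed sample traffic crossing the firewall.
FLOWS = [
    Pkt("snmp-request", "udp", "out", 40001, 161),
    Pkt("snmp-reply", "udp", "in", 161, 40001),
    Pkt("snmp-trap", "udp", "in", 40002, 162),
    Pkt("echo-request", "icmp", "out", None, None),
    Pkt("echo-reply", "icmp", "in", None, None),
]

def blocked(rules):
    """Names of the sample flows the rule set drops."""
    return [p.name for p in FLOWS if not permitted(rules, p)]

if __name__ == "__main__":
    for label, rules in [("pinned", PINNED), ("snmp only", SNMP_ONLY),
                         ("snmp + ping", SNMP_AND_PING)]:
        print(f"{label:12} blocked: {blocked(rules)}")
```

In a real rule set the "any address" matching used here would be narrowed to the NetView and MLM hosts, with ICMP echo limited to the managed subnet.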

