
Re: Moving Netview behind a Cisco PIX Firewall

To: nv-l@lists.tivoli.com
Subject: Re: Moving Netview behind a Cisco PIX Firewall
From: Dave Shiels <dshiels@earthlink.net>
Date: Tue, 22 May 2001 14:06:26 -0700
Isolating the management network is the right thing to do.  All traffic can
run in the open and if you need to jump domains a good firewall system can
be employed with whatever restriction. I love it when I can work on a
system that has a management network not at risk to the internet. We design
data centers with this in mind.

Make sure nobody has IP forward set though.

Good call, Chuyen.

chuynh@fr.ibm.com wrote:
> 
> There are some guidelines:
> - Change the IP address of your NetView referenced in every managed node
> (trap)
> - Ask your firewall administrator to allow ping and snmp from your NetView
> server (any, NetView host).
> 
> The firewall administrator will mention the ping of death as a deny attack
> and that snmp communities run on clear text on the network.
> 
> There is always a price to pay. We dedicated an administrative network for
> SNMP, Tivoli, etc. and isolate it from normal flows that do not accept SNMP
> nor ping.
> 
> Chuyen HUYNH
> Tivoli certified Consultant, IBM certified Architect, Microsoft Certified
> System Engineer
> 
> chuynh@fr.ibm.com
> 
> Mobile : (33) 670 014 929.
> Office: (33) 149 053 686 / 338636
> 
> Tour Descartes, La Defense 5, 92066 La Defense
> FRANCE
> 
> 
> "Tesfai, Menghis" <Menghis.Tesfai@PictureVision.com>  22/05/2001 21:04
> 
> 
> Please respond to IBM NetView Discussion <nv-l@tkg.com>
> 
> To:   "'IBM NetView Discussion'" <nv-l@tkg.com>
> cc:
> Subject:  RE: [NV-L] Moving Netview behind a Cisco PIX Firewall
> 
> Let me restate my question.
> 
> We are looking to change the IP address on the server that hosts Netview.
> If you could guide me to a URL or send me some documentation relating to
> this, I would appreciate it.
> 
> Thanks,
> 
> Menghis
> 
> -----Original Message-----
> From: chuynh@fr.ibm.com [mailto:chuynh@fr.ibm.com]
> Sent: Tuesday, May 22, 2001 5:39 AM
> To: IBM NetView Discussion
> Subject: Re: [NV-L] Moving Netview behind a Cisco PIX Firewall
> 
> Yes. We have a  NV 6.2 on AIX server that manages CheckPoint Firewall-1,
> Cisco PIX, Cisco Catalyst and Alteon AD4.
> It works fine.
> As it is a touchy topic, may you be more precise on your request?
> 
> Chuyen HUYNH
> Tivoli certified Consultant, IBM certified Architect, Microsoft Certified
> System Engineer
> 
> chuynh@fr.ibm.com
> 
> Mobile : (33) 670 014 929.
> Office: (33) 149 053 686 / 338636
> 
> Tour Descartes, La Defense 5, 92066 La Defense
> FRANCE
> 
> "Tesfai, Menghis" <Menghis.Tesfai@PictureVision.com>  21/05/2001 18:40
> 
> Please respond to IBM NetView Discussion <nv-l@tkg.com>
> 
> To:   "'IBM NetView Discussion'" <nv-l@tkg.com>
> cc:
> Subject:  [NV-L] Moving Netview behind a Cisco PIX Firewall
> 
> Hello,
> 
> Has anyone gone through the exercise of moving Netview behind a firewall? I
> am currently running Netview V5 on a Solaris 2.6 machine.
> 
> If you could guide me to a URL or send me some documentation relating to
> this, I would appreciate it.
> 
> Thanks,
> 
> Menghis
> _________________________________________________________________________
> NV-L List information and Archives: http://www.tkg.com/nv-l


Archive operated by Skills 1st Ltd