nv-l
[Top] [All Lists]

RE: Moving Netview behind a Cisco PIX Firewall

To: nv-l@lists.tivoli.com
Subject: RE: Moving Netview behind a Cisco PIX Firewall
From: "Leslie Clark" <lclark@us.ibm.com>
Date: Wed, 23 May 2001 09:36:57 -0400
The  caveat is about changing the identity of the box as it is known to the
Framework.
You can change the domain, as long as the name resolution, as far as
Framework
and Netview know, is still the same. So if you are using the short name in
/etc/hosts
you should be ok. You may be able to get away with adding aliases, but you
will
be getting onto thin ice in my opinion.

Cordially,

Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
(248) 552-4968 Voicemail, Fax, Pager


reamd@nationwide.com@tkg.com on 05/23/2001 08:42:33 AM

Please respond to IBM NetView Discussion <nv-l@tkg.com>

Sent by:  owner-nv-l@tkg.com


To:   IBM NetView Discussion <nv-l@tkg.com>
cc:
Subject:  RE: [NV-L] Moving Netview behind a Cisco PIX Firewall




Leslie,
           Would changing the domain name be the same as changing the
hostname? In other words, if you leave the name of the server alone but
move it to a different domain, would you have the same affects as if you
change the hostname?



                       "Leslie Clark"
                       <lclark@US.IBM.COM>  T
                                            To: IBM NetView Discussion
<nv-l@tkg.com>
                       Sent by:             cc:
                       owner-nv-l@tkg.com
                                            bcc:
                                            Subject:
RE: [NV-L]
                                            Moving Netview behind a Cisco
PIX Firewall
                       05/23/01 07:04 AM
                       Please respond to
                       IBM NetView
                       Discussion






Just on the subject of changing the IP Address of the Solaris box running
Netview,
take these things into consideration:

See the Netview 6.0 release notes appendix B. The instructions there for
changing
the address are pretty complete but it has since been determined that
changing the
hostname of the box is a very bad idea so don't do that.  Also, the command
documented there to change the address in the framework has an error in it.
It should be
   odadmin odlist change_ip <od> <newaddr> FALSE
where <od> is the object dispatcher number of the Managed Node. Use
'odadmin odlist'
to see what your od is. If it is a TMR Server, the od is 1.

Any network devices that have trap destinations set to your old address
will need to
be changed to point to your new address.
Any network devices that have access lists which restrict snmp access, or
block pinging
will need to be changed as well.

Changing the address of the box usually ends up being a bigger job than you
thought,
so plan accordingly.

Cordially,

Leslie A. Clark
IBM Global Services - Systems Mgmt & Networking
Detroit


Chuyen Huynh/France/IBM@IBMFR@tkg.com on 05/22/2001 04:25:49 PM

Please respond to IBM NetView Discussion <nv-l@tkg.com>

Sent by:  owner-nv-l@tkg.com


To:   IBM NetView Discussion <nv-l@tkg.com>
cc:
Subject:  RE: [NV-L] Moving Netview behind a Cisco PIX Firewall





There are some guide lines:
- Change the IP address of you NetView referenced in every managed node
(trap)
- Ask your firewall administrator to allow ping and snmp from your NetView
server (any, NetView host).

The firewall administrator will mention the ping of death as a deny attack
and that snmp communities run on clear text on the network.

There is always a price to pay. We dedicated a administrative network for
SNMP, Tivoli, etc. and isolate it from normal flows that do not accept SNMP
nor ping.

Chuyen HUYNH
Tivoli certified Consultant, IBM certified Architect, Microsoft Certified
System Engineer

chuynh@fr.ibm.com

Mobile : (33) 670 014 929.
Office: (33) 149 053 686 / 338636

Tour Descartes, La Defense 5, 92066 La Defense
FRANCE


 (Embedded
 image moved to "Tesfai, Menghis"
 file:          <Menghis.Tesfai@PictureVision.com>
 pic00402.pcx)  22/05/2001 21:04




Please respond to IBM NetView Discussion <nv-l@tkg.com>

To:   "'IBM NetView Discussion'" <nv-l@tkg.com>
cc:
Subject:  RE: [NV-L] Moving Netview behind a Cisco PIX Firewall




Let me restate my question.

We are looking to change the IP address on the server that hosts Netview.
If you could guide me to a URL or send me some documentation relating to
this, I would appreciate it.


Thanks,

Menghis

-----Original Message-----
From: chuynh@fr.ibm.com [mailto:chuynh@fr.ibm.com]
Sent: Tuesday, May 22, 2001 5:39 AM
To: IBM NetView Discussion
Subject: Re: [NV-L] Moving Netview behind a Cisco PIX Firewall




Yes. We have a  NV 6.2 on AIX server that manages CheckPoint Firewall-1,
Cisco PIX, Cisco Catalyst and Alteon AD4.
It works fine.
As it is a touchy topic, may you be more precise on your request ?

Chuyen HUYNH
Tivoli certified Consultant, IBM certified Architect, Microsoft Certified
System Engineer

chuynh@fr.ibm.com

Mobile : (33) 670 014 929.
Office: (33) 149 053 686 / 338636

Tour Descartes, La Defense 5, 92066 La Defense
FRANCE


 (Embedded
 image moved to "Tesfai, Menghis"
 file:          <Menghis.Tesfai@PictureVision.com>
 pic27639.pcx)  21/05/2001 18:40




Please respond to IBM NetView Discussion <nv-l@tkg.com>

To:   "'IBM NetView Discussion'" <nv-l@tkg.com>
cc:
Subject:  [NV-L] Moving Netview behind a Cisco PIX Firewall




Hello,

Has anyone gone through the exercise of moving Netview behind a firewall. I
am currently running Netview V5 on a Solaris 2.6 machine.

If you could guide me to a URL or send me some documentation relating to
this, I would appreciate it.

Thanks,

Menghis
_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l

_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l


(See attached file: pic00402.pcx)
(See attached file: pic00402.pcx)


<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web