Kevin,
A couple of things concerning MLMs behind a firewall.
- NetView uses SNMP to communicate/configure the MLM. So if you don't
have SNMP open, NetView will not be able to discover that this MLM is out
there. You could configure the MLM manually...(what to status poll), but
the GUI only runs on Unix, not on NT. (you said your MLM was NT).
- Will the firewall allow SNMP traps from the MLM to the NetView server?
If not, you will never get status traps from the MLM back to NetView
------------------------------------------------------------------------------------------------------------------------------------
Option 1.
1) Configure your MLM manually from any Unix box running the configuration
GUI.
2) Allow SNMP traps from MLM to NetView through firewall
3) Use loadhosts command on NetView to "manually discover" the DMZ
resources into NetView. They will be red until MLM sends a interface-up
trap at startup time.
Note: from the NetView map, if you ping a DMZ interface, it will go red
because NetView cannot ping it. The only way to turn it green will be to
recycle your MLM which will send IF-UP or IF-DOWN traps for every interface
it is monitoring.
Problems -- even then this may not work, you need to tell netmon that this
MLM is polling the interfaces...but you can't because netmon cannot
communicate with that MLM over SNMP.
-------------------------------------------------------------------------------------------------------------------------------------
Option 2 .
1) Install a small NetView in your DMZ
2) If your main NetView is sending events to TEC, your DMZ NetView can as
well using the Event Sink as part of the Tivoli Firewall Toolbox.
3) Update the Jetty configuration on DMZ NetView to use SSH (see
www.jetty.org) and use SSH to access NetView web console from Intranet
across firewall.
Kind regards,
Stephen Hochstetler shochste@us.ibm.com
International Technical Support Organization - Austin
Office - 512-436-8564 FAX - 512-436-9326
ITSO redbooks at http://www.redbooks.ibm.com
|