Folks,
I am in a bit of a bind. I have some 25 DMZs and secure areas that I need to
monitor within NetView. The problem is, the FireWall admins (by order of the
security people) do NOT, and will not, let ping and snmp traffic through. They
may be willing to compromise if I had a secure link, and the traffic was
encrypted.
It seems I may need to wait for SNMP v3 for that. In the meantime, I am trying
to find a solution that will keep the security folks calm, and the FireWall
masters happy.
"Extending Network Management Through Firewalls" - a red book
by Stephen Hochstetler has some good solutions. Trying to get the budget
to install extra equipment to create a secure environment as described in this
book is out of the question. I am under some severe financial restraints. I
cannot put a separate AIX box with its own NetView in each DMZ either.
It also seems I will have a hard time getting the OK for NT boxes in some
of these DMZs as NT / Win 2000 is considered too much of a risk.
To make it even more of a challenge, the operations folk want consolidated
consoles. A web browser for each DMZ is not an option. All relevant traps need
to end up in TEC. The NetView guys responsible for the maps want to work
with only one NetView, and at best, only one map.
Surely I am not the only one in this situation? How did other folks cross
these hurdles? Are you using an "add on" product? Did you write your own
in-house solution? Did you get your FireWall admins / security people to
compromise? I am interested in hearing how you guys solved these problems
or how you manage your DMZs and secure areas. Are they even being managed,
or is it just not worth the effort?
Sympathy, insight and advice most welcome.
Regards,
Kevin.
--
Kevin Gow
Network Management
CREDIT SUISSE FINANCIAL SERVICES