nv-l

Re: Moving Netview behind a Cisco PIX Firewall

2001-05-22 17:06:26
Subject: Re: Moving Netview behind a Cisco PIX Firewall
From: Dave Shiels <dshiels AT earthlink DOT net>
To: nv-l AT lists.tivoli DOT com
Date: Tue, 22 May 2001 14:06:26 -0700
Isolating the management network is the right thing to do.  All traffic can
run in the open and if you need to jump domains a good firewall system can
be employed with whatever restriction. I love it when I can work on a
system that has a management network not at risk to the internet. We design
data centers with this in mind.

Make sure nobody has IP forward set though.

Good call, Chuyen.

chuynh AT fr.ibm DOT com wrote:
> 
> There are some guidelines:
> - Change the IP address of your NetView referenced in every managed node
> (trap)
> - Ask your firewall administrator to allow ping and snmp from your NetView
> server (any, NetView host).
> 
> The firewall administrator will mention the ping of death as a deny attack
> and that snmp communities run in clear text on the network.
> 
> There is always a price to pay. We dedicated an administrative network for
> SNMP, Tivoli, etc. and isolated it from normal flows that do not accept SNMP
> nor ping.
> 
> Chuyen HUYNH
> Tivoli certified Consultant, IBM certified Architect, Microsoft Certified
> System Engineer
> 
> chuynh AT fr.ibm DOT com
> 
> Mobile : (33) 670 014 929.
> Office: (33) 149 053 686 / 338636
> 
> Tour Descartes, La Defense 5, 92066 La Defense
> FRANCE
> 
> 
> "Tesfai, Menghis" <Menghis.Tesfai AT PictureVision DOT com>  22/05/2001 21:04
> 
> 
> Please respond to IBM NetView Discussion <nv-l AT tkg DOT com>
> 
> To:   "'IBM NetView Discussion'" <nv-l AT tkg DOT com>
> cc:
> Subject:  RE: [NV-L] Moving Netview behind a Cisco PIX Firewall
> 
> Let me restate my question.
> 
> We are looking to change the IP address on the server that hosts Netview.
> If you could guide me to a URL or send me some documentation relating to
> this, I would appreciate it.
> 
> Thanks,
> 
> Menghis
> 
> -----Original Message-----
> From: chuynh AT fr.ibm DOT com [mailto:chuynh AT fr.ibm DOT com]
> Sent: Tuesday, May 22, 2001 5:39 AM
> To: IBM NetView Discussion
> Subject: Re: [NV-L] Moving Netview behind a Cisco PIX Firewall
> 
> Yes. We have an NV 6.2 on AIX server that manages CheckPoint Firewall-1,
> Cisco PIX, Cisco Catalyst and Alteon AD4.
> It works fine.
> As it is a touchy topic, could you be more precise about your request?
> 
> Chuyen HUYNH
> Tivoli certified Consultant, IBM certified Architect, Microsoft Certified
> System Engineer
> 
> chuynh AT fr.ibm DOT com
> 
> Mobile : (33) 670 014 929.
> Office: (33) 149 053 686 / 338636
> 
> Tour Descartes, La Defense 5, 92066 La Defense
> FRANCE
> 
> "Tesfai, Menghis" <Menghis.Tesfai AT PictureVision DOT com>  21/05/2001 18:40
> 
> Please respond to IBM NetView Discussion <nv-l AT tkg DOT com>
> 
> To:   "'IBM NetView Discussion'" <nv-l AT tkg DOT com>
> cc:
> Subject:  [NV-L] Moving Netview behind a Cisco PIX Firewall
> 
> Hello,
> 
> Has anyone gone through the exercise of moving Netview behind a firewall? I
> am currently running Netview V5 on a Solaris 2.6 machine.
> 
> If you could guide me to a URL or send me some documentation relating to
> this, I would appreciate it.
> 
> Thanks,
> 
> Menghis
> _________________________________________________________________________
> NV-L List information and Archives: http://www.tkg.com/nv-l