nv-l

RE: Beyond the firewall

2001-02-21 09:01:30
Subject: RE: Beyond the firewall
From: Stephen Elliott <selliott AT epicrealm DOT com>
To: nv-l AT lists.tivoli DOT com
Date: Wed, 21 Feb 2001 08:01:30 -0600
Tom & Bob,

Juan suggested upgrading to v6 and using SNMP polling, which is probably the
simplest solution, provided you are able to upgrade. I'm thinking perhaps
that another option is the use of an MLM outside the firewall. I don't know
the comm ports used between an MLM and NV server, it might just be straight
TCP/IP. Whether it is or not, the security folks could open a hole based on
the IP addresses and used ports of the MLM and NV server which might be
better security than a general SNMP pass-through. 

Regards,

Steve Elliott
Sr. Network Mgmt. Engineer
epicRealm, Inc.



-----Original Message-----
From: Gallagher, Bob [mailto:bob.gallagher AT firstcitizens DOT com]
Sent: Wednesday, February 21, 2001 7:48 AM
To: 'IBM NetView Discussion'
Subject: RE: [NV-L] Beyond the firewall


That is a little unusual that they would allow SNMP rather than ping. The IP
packets from a SNMP (UDP) standpoint present more of a security risk than PING
(ICMP). I got the same sort of stuff going on here dealing with DMZs. I'll
listen in to see what the community responds with..... thanks

-----Original Message-----
From: Gebhart, Tom (CC-MIS Tech Systems)
[mailto:Tom.Gebhart AT conagrafoods DOT com]
Sent: Tuesday, February 20, 2001 5:49 PM
To: 'nv-l AT tkg DOT com'
Subject: [NV-L] Beyond the firewall


Hello all,

        I have gotten help from this board before, both directly and
indirectly, so let me give it a try again.  First let me say thanks to all
those who respond so professionally with both problems and solutions.
Sometimes a problem known is a problem solved.

        We are currently running NetView 5.1.3 on AIX 4.3.2.  We want to
manage some network devices (Cisco routers) that are outside our Cisco PIX
firewall.  Our security folks are willing to allow SNMP through the firewall
but are reluctant to allow PING.  Has anyone crossed this bridge (so to
speak) and if so how did you get to the other side?

        I guess what I'm asking is whether NetView can provide availability
status via SNMP rather than PING.  If not, is there any other way to
manage/monitor availability status of devices beyond a firewall?  Thanks
again, Tom G.

   Tom Gebhart
        ConAgra Foods
Senior Network Administrator
        (402) 577-3677

_________________________________________________________________________
NV-L List information and Archives: http://www.tkg.com/nv-l
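
The availability check asked about in this thread (status via SNMP instead of ICMP ping) can be sketched as a single SNMP GET of sysUpTime.0 over UDP 161. This is an added example, not part of any post above and not NetView code; it assumes SNMPv1, a read community supplied by the caller, and hypothetical function names.

```python
import socket

SYS_UPTIME_0 = bytes([0x2B, 6, 1, 2, 1, 1, 3, 0])  # OID 1.3.6.1.2.1.1.3.0

def tlv(tag, value):  # BER type-length-value, short-form length only
    if len(value) > 127:
        raise ValueError("value too long for short-form length")
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):  # -> (tag, value, next_pos); rejects truncated input
    if pos + 2 > len(buf) or buf[pos + 1] > 127 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("malformed BER")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def build_get(community, request_id):
    """SNMPv1 GetRequest for sysUpTime.0 (request_id must be non-negative)."""
    rid = request_id.to_bytes(request_id.bit_length() // 8 + 1, "big")
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, SYS_UPTIME_0) + tlv(0x05, b"")))
    pdu = tlv(0xA0, tlv(0x02, rid) + tlv(0x02, b"\0") + tlv(0x02, b"\0") + varbinds)
    return tlv(0x30, tlv(0x02, b"\0") + tlv(0x04, community.encode()) + pdu)

def parse_response(data, request_id):
    """Return sysUpTime in ticks; raise ValueError if the reply does not match."""
    _, msg, _ = read_tlv(data, 0)
    _, _, p = read_tlv(msg, read_tlv(msg, 0)[2])   # skip version and community
    tag, pdu, _ = read_tlv(msg, p)
    _, rid, p = read_tlv(pdu, 0)
    _, err, p = read_tlv(pdu, p)                   # error-status
    _, _, p = read_tlv(pdu, p)                     # error-index
    if tag != 0xA2 or int.from_bytes(rid, "big") != request_id or err != b"\0":
        raise ValueError("not a successful GetResponse for our request")
    _, vb, _ = read_tlv(read_tlv(pdu, p)[1], 0)    # first varbind in the list
    _, oid, p = read_tlv(vb, 0)
    vtag, val, _ = read_tlv(vb, p)
    if oid != SYS_UPTIME_0 or vtag != 0x43:        # 0x43 = TimeTicks
        raise ValueError("unexpected varbind")
    return int.from_bytes(val, "big")

def snmp_alive(host, community, request_id=0x1234, timeout=2.0, retries=2):
    """True if the device answers the GET; no ICMP echo is sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, 161))     # only replies from this host/port are accepted
        for _ in range(retries + 1):
            try:
                s.send(build_get(community, request_id))
                parse_response(s.recv(1500), request_id)
                return True
            except (OSError, ValueError):
                pass               # timeout, port unreachable or bad reply: retry
    return False
```

The firewall rule this needs is narrow: UDP from the management station to port 161 on the listed devices, plus the replies.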
