Blocking certain IP's from Logining into TMR server

[saggaf]

Hi everybody,

Is it possible to block certain endpoints based on their IP addresses from logging into the gateway or TMR server? How can I do that?

This would help me to reject the login request based on IP's as we're using certain range of IP's for dail-in from home.

Thanks in advance for any help ...

 

[Loran]

This is done through your "allow_install" policy. To obtain text file copies of the current allow_install policy, do the following on the TMR server:

# wgeteppol allow_install_policy > allow.sh

There is a Tivoli Field Guide on Endpoint Polcies that will help as well as the Redbook - "All About Tivoli Management Agents".



Loran Swymer
SwymerL@wr.disa.mil

 

[miksta]

...also, if you need to disallow logging into a specific gateway, use the select_gateway_policy script. It will define where or where not an endpoint can log into.
MDS

 

[robot3]

Yes...

use an endpoint login_policy policy on your gateway(s) (unix?)or a select_gateway_policy

start with wgeteppol login_policy > letseewhatsinthere.txt
you will get an empty script..(with comments)
add a line like

if [ echo "$1" |grep "^123.456" ]
then exit 1
fi

and with wputeppol login_policy < thatswhatiwant.txt
you start your first try

(or read the Tivoli management framework reference manual 3.7.1 page 2-17.....first for a more elaborate example)

good luck
Robot3