HP OpenView

[broskeychtr]

Hello,

I am a new HP OpenView admin and I am setting up certain employees to view the OpenView map via web. The problem I am running into is that they are on a different network than the OpenView server which is behind a PIX fire wall. I am trying to find out what ports need to be opened on the fire wall in order for them to view the map via web. In other words what ports does Web Navigator use? I have opened port 8880 which gets them to the server, but they are not unable to open the IP Network, it stops at 10% then gives an error.
Any information would be great. Thanks.

 

[kwtso]

In addition to 8880, you have to open port 3700, 9999, 2345, 2346.

 

[oneocean]

I've been on the phone with HP today. They tell me I need TCP ports: 2447, 80, 2953, 2954, 8880, 9999, 3700-3799.

We operate a system where various parties can take a web-view of networks using the "web presenter".

There are a few problems with this view, but nothing that we can't overcome, with ONE exception - and this will be quite valid for you...

Through a PIX firewall (for certain and maybe other firewalls) when you leave the session unattended for an amount of time, the session hangs up. When you then double click on an icon in the web view, the applet does not respond and you have to restart it. This is because the TCP session timeout (by default 60 minutes on a PIX) causes the TCP session to be removed from the connections table in the firewall. When you then click on an icon, the applet tries to re-open the same session (old) and not create a new one.

The firewall sees this as a security breach and drops the packets. I can't see a way around the problem as increasing the TCP session time-out, to 12 hours say, is insecure and not practical.

Anyone got any advice for me?

 

[broskeychtr]

Thanks for the reply oneocean.

I have not had any complaints about what you are referring to. I have multiple sessions opened via web browser across the country and no one has complained yet, but if it does come up I would be interested in seeing a solution.
Thanks again.

 

[Guest_imported]

A simpler solution would be to try the Galileo product from Netvion. It allows HPOV NNM to discover and manage through PIX firewalls and devices on the outside of the firewall without opening up additional ports.

They offer a free download for 30 days. Go to

http://www.netvion.com/galileo

It is a HP Certified Application and HP reccomends it as the solution to the firewall management problem they have.

Netvion also has a technical white paper you can download for free as well.

 

[oneocean]

Guys, thanks for the replies.
Questions to 'broskeychtr' though -
If you have this working through a firewall without any problems, how long do the sessions last? We have the Web Presenter running in a NOC and so the applet is running 24x7. Have you this working sucessfully? If wo, what config have you made in order to run it?
I've escalated this to my HP account manager as no really helpful information has been forthcoming - but I'd like to resolve it between ourselves if at all possible (particularly if I haven't done some config that I should have!)
Thanks
oneocean

 

[broskeychtr]

Well oneocean since I am on the same network as the OpenView server I contacted the monitors in another state to verify that they are not timing out. They said that it seems like the MAP refreshes itself without timing out. They only thing I can think of that I did was open up their IP range entirely through the PIX instead of just ports. If you can think of other things that I might have done to prevent the timing out let me know and I will check.

 

[oneocean]

He're some more information...
Apparently, NNM doesn't support this, according to HP. If you leave the console alone and don't use the Web Presenter for longer than your firewall's default TCP timeout, the session will not reconnect when the client is used again.

We're looking for a workaround.
- oneocean