
Managing devices in DMZ ?

Status
Not open for further replies.

misjay01

Technical User
Jun 17, 2003
50
GB
Currently we have no way of managing our devices in the DMZ area. This seems to be a major problem at the moment and hence we are looking at solutions on how we can best do this without compromising security.

We are using SolarWinds, OpenView and CiscoWorks for management.

Can I get guidelines on the best and most secure option please?

The current options are:

1. To enable SNMP on the firewalls. In light of the number of devices, the policy to allow a specific subnet to the SNMP server?

2. To have a separate SNMP server in the DMZ and remote console to it to see the status of devices.

3. To have a collection station. This can only be done with OpenView? Not sure if there are licensing costs associated with this, which would make it tricky.

Any advice welcome!
 
What we have done is create a one-way rule in our firewall that allows our Node Monitor to go out to the DMZ and poll specific devices. Keeping the rules specific and only allowing it to communicate on specific ports should be OK.
 
Is setting up UDP port 161 all you need for the management server? Do you not need to get a response back?

Does this port use ping? And is this required as well?


 
You would set up the rule as follows: mgmt svr => DMZ devices, allow ICMP and SNMP read and/or trap. If you need other ports for other monitoring/reporting services, open them up as necessary.
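
Added example, not part of the original thread: a minimal Python model of the one-way rule discussed above, assuming a stateful firewall (the thread does not name the product). The addresses, rule names and the `StatefulFirewall` class are constructed for illustration. It shows that replies to UDP 161 polls come back through connection state, that ping is ICMP rather than a UDP port, and that traps (UDP 162) travel from the DMZ device to the management server and so need their own rule.

```python
from dataclasses import dataclass

# Constructed addresses (assumptions, not from the thread).
MGMT = "10.0.0.5"          # management server on the inside
DMZ_PREFIX = "192.0.2."    # DMZ subnet, matched by prefix for brevity

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str             # "udp" or "icmp"
    sport: int = 0         # ICMP has no ports; left at 0 in this model
    dport: int = 0

def in_dmz(ip):
    return ip.startswith(DMZ_PREFIX)

# Explicit allow rules; a packet that matches none of them is denied.
RULES = [
    ("poll", lambda p: p.src == MGMT and in_dmz(p.dst) and p.proto == "udp" and p.dport == 161),
    ("ping", lambda p: p.src == MGMT and in_dmz(p.dst) and p.proto == "icmp"),
    ("trap", lambda p: in_dmz(p.src) and p.dst == MGMT and p.proto == "udp" and p.dport == 162),
]

class StatefulFirewall:
    """Hypothetical model: an allowed packet opens state for its reply."""
    def __init__(self, rules):
        self.rules = rules
        self.state = set()

    def check(self, p):
        # A reply reverses the endpoints and ports of a flow already allowed.
        if (p.dst, p.src, p.proto, p.dport, p.sport) in self.state:
            return "allow (established)"
        for name, match in self.rules:
            if match(p):
                self.state.add((p.src, p.dst, p.proto, p.sport, p.dport))
                return f"allow ({name})"
        return "deny"

if __name__ == "__main__":
    fw, dev = StatefulFirewall(RULES), "192.0.2.10"
    for pkt in [Packet(MGMT, dev, "udp", 40000, 161),   # SNMP get
                Packet(dev, MGMT, "udp", 161, 40000),   # its response
                Packet(dev, MGMT, "udp", 50000, 162),   # trap
                Packet(dev, MGMT, "udp", 161, 40001)]:  # unsolicited
        print(pkt, "->", fw.check(pkt))
```

If the devices only need to be polled, dropping the `trap` entry keeps the policy strictly one-way; traps are then denied at the firewall.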
 