HP OpenView System Administration Handbook [Electronic resources] : Network Node Manager, Customer Views, Service Information Portal, HP OpenView Operations - Text version


Tammy Zitello


20.12 THE FIREWALL


A firewall, as defined in Cisco© Press's Dictionary of Internetworking Terms and Acronyms, is a "router or access server, or several routers or access servers, designated as a buffer between any connected public networks and a private network. A firewall router uses access lists and other methods to ensure the security of the private network."

The HTTPS-based agent makes it possible to configure and support nodes outside the firewall. A firewall configuration might be necessary to communicate with the managed nodes in one of the following three locations:

  • The demilitarized zone (DMZ)
    Usual location for web servers, ftp servers, and b2b transaction servers.

  • Internet
    Untrusted areas of the internetwork; outside the DMZ.

  • Intranet
    Trusted area for devices within the private network(s).


Information on configuring OpenView for DCE (NCS)/RPC-based communications can be found in the document, "Firewall Configuration White Paper," available at http://ovweb.external.hp.com/lpe/doc_serv/.

The HTTPS Agent Concepts and Configuration Guide contains detail on configuring the HTTPS-based agent for use with firewalls.

20.12.1 Proxy Filter


Communication sessions between the management server and the managed node that travel through the Internet may require a proxy filter. A "proxy" filter is a firewall that authenticates user (or application) sessions that originate inside the firewall and allows the communication to proceed to the destination, outside the firewall. The proxy firewall generally configures port 8080 to receive, authenticate, and forward inbound or outbound network traffic. Communications to/from the management server might originate from the following processes: certificate server (ovcs), config/deploy component (ovconfgd), remote control (opcragt), request sender (ovoareqsdr), message receiver (opcmsgrb), and configuration adaptor (opcbbcdist). The communications from an OVO managed node originating from the message agent first contact the "proxy" firewall (on the default port 8088) where authentication takes place and the traffic is forwarded to the destination inside the firewall. The HTTPS-based agent can take advantage of the proxy concept for secure communications. The proxy environment requires additional application software such as Apache©, which is not provided by the OVO installation. Read more about firewall and proxy filters at http://www.itsecurity.com/dictionary/dictionary.
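The proxy described above is supposed to authenticate a session before forwarding it, so a useful check on your own proxy is that a request without credentials is refused rather than tunnelled. The following Python sketch is an added example, not code from the handbook or from HP; it assumes the proxy speaks HTTP CONNECT with Basic authentication, and all host names, ports and credentials in it are placeholders.

```python
import base64
import socket


def build_connect(target_host, target_port, user=None, password=None):
    """Build an HTTP CONNECT request asking the proxy to open a tunnel."""
    lines = [f"CONNECT {target_host}:{target_port} HTTP/1.1",
             f"Host: {target_host}:{target_port}"]
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def classify_reply(raw):
    """Turn the proxy's status line into a verdict for an unauthenticated probe."""
    status_line = raw.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "not-a-proxy-reply"
    code = int(parts[1])
    if code == 407:
        return "auth-required"   # proxy demands credentials before forwarding
    if 200 <= code < 300:
        return "open-tunnel"     # forwarded without credentials: misconfigured
    if code == 403:
        return "denied"          # refused by policy, no authentication offered
    return f"other-{code}"


def probe(proxy_host, proxy_port, target_host, target_port, timeout=5.0):
    """Send one unauthenticated CONNECT to the proxy and classify the reply."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(build_connect(target_host, target_port))
        return classify_reply(s.recv(4096))


# Constructed sample replies (not captured from a real proxy).
SAMPLE_REPLIES = [
    b'HTTP/1.1 407 Proxy Authentication Required\r\n'
    b'Proxy-Authenticate: Basic realm="proxy"\r\n\r\n',
    b"HTTP/1.0 200 Connection established\r\n\r\n",
    b"HTTP/1.1 403 Forbidden\r\n\r\n",
]

if __name__ == "__main__":
    for reply in SAMPLE_REPLIES:
        print(classify_reply(reply))
```

Only `auth-required` matches the behaviour the text describes; `open-tunnel` on an unauthenticated probe means the proxy forwards sessions it never authenticated.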

