5.5 FIREWALL CONSIDERATIONS IN NETWORK DISCOVERY

Many corporations implement network security to protect their resources. This may be achieved by using some type of firewall software such as Check Point FireWall-1. Most firewalls do not allow ICMP (ping) traffic to pass through, which means that by default, an NNM station cannot manage devices across a firewall. However, netmon can be configured to use SNMP for network discovery (instead of ping) with the use of the configuration file netmon.snmpStatus.

To configure SNMP discovery:

1. Create the configuration file in the following location:

   UNIX: $OV_CONF/netmon.snmpStatus
   Windows: %OV_CONF%\netmon.snmpStatus

2. Add a line to the netmon.snmpStatus file with the IP address wildcards that you want to have SNMP status polled.

3. Restart netmon from the command line by typing the following:

   ovstop netmon
   ovstart netmon

Another solution to managing devices across a firewall is to implement a distributed model of NNM. This entails placing a Collection Station on one side of the firewall and a Management Station on the other side, allowing management across the firewall. The communication between the NNM stations is SNMP. This topic will be discussed in detail in Chapter 9.