Managing your HP servers through firewalls with HP SIM (481364-002, February 2008)
In some situations, the firewall may simply restrict communication between specific IP addresses. For
example, the firewall may allow the exchange of any IP packets between the managed system and
the CMS. However, because host names and IP addresses can be spoofed, a higher level of
restriction can be imposed through the firewall; that is, the firewall can permit only non-spoofable
protocols.
In this case study, we assume that the firewall is configured to allow only requests from the CMS to
the managed server and returned responses. Typically, this means the firewall will not permit UDP
traffic, because for a connectionless protocol the firewall cannot easily be configured to block
incoming packets. Only specific TCP ports will be opened, and they will possibly be filtered for
certain types of traffic.
Figure 3 Firewall separating central management server from managed server
[Figure labels: Intranet: Management Server; DMZ: Managed Systems]
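The policy assumed in this case study can be modeled as a small stateful filter. The following is an added example, not code from the original paper or from HP SIM; the addresses, the port numbers and the packet trace are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed values: the page names no addresses or port numbers.
CMS = "192.0.2.10"            # central management server (intranet)
MANAGED = "198.51.100.20"     # managed server (DMZ)
OPEN_TCP_PORTS = {22, 2381}   # stand-in for the "specific TCP ports"

@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""   # TCP flags: "S" = SYN, "SA" = SYN/ACK, "A" = ACK, "R" = RST

class StatefulFirewall:
    def __init__(self):
        self.flows = set()    # (cms, cms_port, server, server_port) of tracked connections
    def decide(self, p: Packet) -> str:
        if p.proto != "tcp":
            return "drop"     # connectionless traffic is refused in both directions
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == "S":    # a new connection may only be opened by the CMS
            if p.src == CMS and p.dst == MANAGED and p.dport in OPEN_TCP_PORTS:
                self.flows.add(fwd)
                return "accept"
            return "drop"
        if fwd in self.flows or rev in self.flows:
            if "R" in p.flags:            # a reset tears the tracked flow down
                self.flows -= {fwd, rev}
            return "accept"   # request data or a returned response
        return "drop"         # no matching CMS-initiated connection

def run(trace):
    fw = StatefulFirewall()
    return [fw.decide(p) for p in trace]

TRACE = [  # constructed packets
    Packet("tcp", CMS, 40001, MANAGED, 2381, "S"),    # CMS opens a connection
    Packet("tcp", MANAGED, 2381, CMS, 40001, "SA"),   # returned response
    Packet("udp", MANAGED, 1024, CMS, 162),           # datagram toward the CMS
    Packet("tcp", MANAGED, 40002, CMS, 443, "S"),     # managed server initiates
    Packet("tcp", CMS, 40003, MANAGED, 8080, "S"),    # port not opened
    Packet("tcp", MANAGED, 2381, CMS, 40009, "A"),    # "reply" with no request
    Packet("tcp", CMS, 40001, MANAGED, 2381, "R"),    # CMS resets the connection
    Packet("tcp", MANAGED, 2381, CMS, 40001, "A"),    # late packet after reset
]
```

Calling `run(TRACE)` returns one decision per packet: only the CMS-initiated connection and the traffic belonging to it pass, and a TCP segment that merely looks like a response is dropped because no tracked connection matches it.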