Veritas™ Enterprise Administrator 5.0.1 User's Guide
To connect
1
Allow for an alias of port 2148 on server A to be a particular port on the
firewall machine.
2
Let Pf be the port on the firewall machine F which is an alias for port 2148
on server A.
3
Connect using the GUI to port Pf on F. You are actually managing server A
VEA uses Anonymous Deffie Hellman key exchange and is therefore
vulnerable to the man-in-the-middle attack. Therefore it is recommended
that SSH or some kind of tunnelling software be used if going across the
internet. If SSH is used set up port forwarding from client to firewall port Pf
and use SSH to tunnel.
Example 3
For the case where 2148 is forwarded through the firewall (punch through):
To connect
1
Let machines A and B be the servers on the secure side of the firewall.
2
Let client be on the internet/intranet side
client ---> firewall ---> A|B
3
Configure TCP/IP routing on the client such that packets destined for A|B are
routed to firewall F.
4
Add A and B to /etc/hosts (or equivalent) for name resolution if required.
5
Connect to A or B or both machines (depending on which are to be managed).
Using Veritas Enterprise Administrator
Firewall support
44