VERITAS Enterprise Administrator (VEA 500 Series) Getting Started

Chapter 2, Using the VEA
Firewall Support
1. Configure a particular port on the firewall machine as an alias for port 2148 on server A.
2. Let Pf be the port on the firewall machine F which is an alias for port 2148 on server A.
3. Connect using the GUI to port Pf on F. You are actually managing server A.
Note: VEA uses anonymous Diffie-Hellman key exchange and is therefore vulnerable to
man-in-the-middle attacks. It is therefore recommended that SSH or some other kind of
tunneling software be used when going across the internet. If SSH is used, set up port
forwarding from the client to firewall port Pf and use SSH to tunnel.
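The following added example (not VERITAS code) illustrates the note above: an anonymous Diffie-Hellman exchange completes without error even when the public values are replaced in transit, while an exchange whose public value is authenticated rejects the replacement. The toy group, the function names, and the pre-shared-key HMAC (a stand-in for the endpoint authentication an SSH tunnel provides) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy group, constructed for illustration only; far too small for real use.
P = 2**127 - 1  # a Mersenne prime
G = 3

def keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive a session key from our private exponent and the peer's public value."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(psk, pub):
    """Bind a public value to a pre-shared key (hypothetical authentication step)."""
    return hmac.new(psk, pub.to_bytes(16, "big"), hashlib.sha256).digest()

def anonymous_exchange(intercepted):
    """Run an unauthenticated exchange; return (client_key, server_key)."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    if intercepted:
        # A host on the path substitutes its own public value in both directions.
        # Neither endpoint has anything to check the received value against.
        _, m_pub = keypair()
        return session_key(c_priv, m_pub), session_key(s_priv, m_pub)
    return session_key(c_priv, s_pub), session_key(s_priv, c_pub)

def authenticated_exchange(psk, intercepted):
    """Return True if the client accepts the server's public value."""
    _, s_pub = keypair()
    s_tag = tag(psk, s_pub)          # computed by the genuine server
    received_pub = s_pub
    if intercepted:
        _, received_pub = keypair()  # substituted value; tag cannot be recomputed without psk
    return hmac.compare_digest(tag(psk, received_pub), s_tag)

if __name__ == "__main__":
    ck, sk = anonymous_exchange(intercepted=True)
    print("anonymous, intercepted: keys match =", ck == sk, "(no error was raised)")
    print("authenticated, intercepted: accepted =",
          authenticated_exchange(b"constructed-psk", intercepted=True))
```

In the intercepted anonymous case both endpoints finish the exchange normally but hold different keys, which is why the protocol alone cannot reveal the interception.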
Example 3
For the case where 2148 is forwarded through the firewall (punch through):
1. Let machines A and B be the servers on the secure side of the firewall.
2. Let the client be on the internet/intranet side.
client -----> firewall ----> A|B
3. Configure TCP/IP routing on the client such that packets destined for A|B are routed to
firewall F.
4. Add A and B to /etc/hosts (or equivalent) for name resolution if required.
5. Connect to A and/or B (depending on which one is to be managed).