Veritas Enterprise Administrator (VEA) Getting Started (HP-UX 11i v3, February 2007)
Firewall Support
We need to do the following:
1. Allow for an alias of port 2148 on server A to be a particular port on the firewall machine.
2. Let Pf be the port on the firewall machine F which is an alias for port 2148 on server A.
3. Connect using the GUI to port Pf on F. You are actually managing server A.
Note: VEA uses anonymous Diffie-Hellman key exchange and is therefore vulnerable to man-in-the-middle attacks. It is therefore recommended that SSH or some other kind of tunneling software be used when going across the internet. If SSH is used, set up port forwarding from the client to firewall port Pf and use SSH to tunnel.
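Why an anonymous exchange cannot detect a party on the path, as an added illustration that is not from the VEA manual or VEA's protocol code: a toy Diffie-Hellman exchange over a constructed 127-bit group, with an HMAC over a pre-shared secret standing in (an assumption) for the endpoint authentication an SSH tunnel provides. All function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy group: 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive a session key from the DH shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()

def tag(auth_secret, pub):
    """Authenticate a public value (stand-in for a host-key signature)."""
    return hmac.new(auth_secret, pub.to_bytes(16, "big"), hashlib.sha256).digest()

def run_exchange(on_path_relay, auth_secret=None):
    """Return (client_key, server_key, relay_keys).

    client_key is None when the client rejects the server's public value.
    """
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    s_tag = tag(auth_secret, s_pub) if auth_secret else None

    # A relay on the path swaps in its own public value in both directions.
    # It can forward s_tag unchanged but cannot compute a tag for its own value.
    r_priv, r_pub = keypair()
    seen_by_client = r_pub if on_path_relay else s_pub
    seen_by_server = r_pub if on_path_relay else c_pub
    relay_keys = None
    if on_path_relay:
        relay_keys = (session_key(r_priv, c_pub), session_key(r_priv, s_pub))

    server_key = session_key(s_priv, seen_by_server)
    if auth_secret and not hmac.compare_digest(s_tag, tag(auth_secret, seen_by_client)):
        return None, server_key, relay_keys  # substitution detected, client aborts
    return session_key(c_priv, seen_by_client), server_key, relay_keys
```

Without `auth_secret`, both endpoints complete the exchange and hold keys that the relay also holds; with it, the substituted value fails verification before any session key is used.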
Example 3
For the case where 2148 is forwarded through the firewall (punch through):
1. Let machines A and B be the servers on the secure side of the firewall.
2. Let the client be on the internet/intranet side:
   client -----> firewall ----> A|B
3. Configure TCP/IP routing on the client such that packets destined for A|B are routed to firewall F.
4. Add A and B to /etc/hosts (or equivalent) for name resolution if required.
5. Connect to A and/or B (depending on which one you want to manage).