Software Distributor: Firewall Configuration Cookbook
1 Introduction

This document describes how to configure an existing SD environment to work across a firewall. This procedure has been verified and implemented across a real firewall and is known to work. This document is applicable to any site that wants to install software to an external firewall system from an internal depot. When using this document, please verify all security procedures are observed and properly implemented to avoid any security exposure.
6. The SystemA swagent sends the SystemB swagent the requested data.
7. After all the data has been transferred, the child swagent process on SystemA completes and terminates. The SystemB swagent also completes and terminates. Communication is closed on the new port.

Section 1: Generating the Network Firewall Access Request

The network firewall access must have an entry for the daemon (swagentd) process and entries for the agent (swagent) processes. The daemon (swagentd) by default listens on port 2121.
1. Log in as root on SystemA (agent).
2. Edit the /var/adm/sw/defaults file:

    vi /var/adm/sw/defaults

3. Ensure the file contains the following entries (add if not present):

    swinstall.rpc_binding_info
    swcopy.rpc_binding_info
    swremove.rpc_binding_info
    swconfig.rpc_binding_info
    swverify.rpc_binding_info
    swlist.rpc_binding_info
    swreg.rpc_binding_info
    swacl.rpc_binding_info
    swjob.rpc_binding_info
    swacl.rpc_binding_info
    sd.rpc_binding_info
    swagentd.
    export RPC_RESTRICTED_PORTS="ncacn_ip_tcp[4000-4009]"
    /usr/sbin/swinstall -s SystemA:/DepotA

The best way to handle RPC_RESTRICTED_PORTS is to set it as a global variable in the shell:

    export RPC_RESTRICTED_PORTS="ncacn_ip_tcp[4000-4009]"

Then run any SD command as you normally would:

    /usr/sbin/swlist -dl product @ SystemA:/DepotA

This configuration has been tested and is working for production systems within the Hewlett-Packard environment.
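
The following added example (not part of the original cookbook) validates an RPC_RESTRICTED_PORTS value of the form shown above and prints the TCP entries a firewall access request needs to cover. The function name sd_firewall_ports is hypothetical, and the mapping of the restricted range to the swagent processes is an assumption drawn from Section 1.

```shell
#!/bin/sh
# Added example, not from the original cookbook.
SD_DAEMON_PORT=2121   # swagentd default listening port, as stated in Section 1

# sd_firewall_ports VALUE  (hypothetical helper)
# VALUE must look like ncacn_ip_tcp[LOW-HIGH], the form used on this page.
# Prints the TCP entries for the access request; returns 1 on a bad value.
sd_firewall_ports() {
    value=$1
    case $value in
        'ncacn_ip_tcp['*']') ;;
        *) echo "not an ncacn_ip_tcp[LOW-HIGH] value: $value" >&2; return 1 ;;
    esac
    range=${value#'ncacn_ip_tcp['}
    range=${range%']'}
    low=${range%%-*}
    high=${range##*-}
    # Each bound: 1 to 5 decimal digits, no leading zero (avoids octal parsing).
    for n in "$low" "$high"; do
        case $n in
            ''|0*|*[!0-9]*|??????*)
                echo "bad port in range: $range" >&2; return 1 ;;
        esac
    done
    # Reject anything other than exactly LOW-HIGH (e.g. "4000" or "1-2-3").
    if [ "$low-$high" != "$range" ]; then
        echo "range must be LOW-HIGH: $range" >&2; return 1
    fi
    if [ "$low" -gt "$high" ] || [ "$high" -gt 65535 ]; then
        echo "range out of order or above 65535: $range" >&2; return 1
    fi
    # Assumption: the restricted range is what the swagent processes use.
    printf 'tcp/%s swagentd\n' "$SD_DAEMON_PORT"
    printf 'tcp/%s-%s swagent (%s ports)\n' "$low" "$high" "$((high - low + 1))"
}

# Falls back to the page's sample value when the variable is not exported.
sd_firewall_ports "${RPC_RESTRICTED_PORTS:-ncacn_ip_tcp[4000-4009]}"
```

Run it in the same shell where RPC_RESTRICTED_PORTS is exported, before invoking any SD command, so a malformed range is caught before the access request is filed.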