Bridge through Firewall
Revised August 8th 2001
Objectives
Run Bridge through the firewall but block SQL port 1433 for inbound traffic. There should be no SQL initialization from DMZ zone.
Firewall Setup
Bridge: Source = DMZ CORE, Destination = Central Core
[Diagram: firewall between the DMZ Core and the Central Core. Labels: DSM, Bridge, WV Gateways, Host A, CORE Host, Common Services; UDP 162, ICMP Ping; UDP 161 - Traps; SQL 1433.]
SQL Port Outbound traffic – Bridge pulls information from inside the firewall
Inbound Rules
SQL Port Blocked from DMZ to Private
Outbound Rules
SQL Port Open for Private to DMZ traffic
Active Connections
Denials List
SQL Port Blocked from DMZ, initialization denied
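The inbound and outbound SQL rules above depend on which side opens the connection, not only on the port number. The following is an added example, not part of the original slides or of any product: a toy stateful filter showing why replies to a Bridge-initiated SQL session pass while a SQL initialization from the DMZ lands in the denials list. The class and function names and the IP addresses are constructed for illustration.

```python
from dataclasses import dataclass

SQL_PORT = 1433  # SQL port named on the slides

@dataclass(frozen=True)
class Packet:
    src_zone: str   # "private" (Central Core side) or "dmz"
    src: tuple      # (ip, port)
    dst: tuple      # (ip, port)
    opens: bool     # True only for the first packet of a new TCP connection

class DirectionalFilter:
    """Toy stateful filter: only the private side may open SQL connections."""

    def __init__(self):
        self.active = set()   # tracked flows, like the "Active Connections" view
        self.denials = []     # like the "Denials List" view

    def handle(self, pkt):
        if not pkt.opens:
            # Follow-up packets pass only as part of an already tracked flow.
            if (pkt.src, pkt.dst) in self.active or (pkt.dst, pkt.src) in self.active:
                return "ALLOW"
            return self._deny(pkt, "no matching connection")
        if pkt.src_zone == "private" and pkt.dst[1] == SQL_PORT:
            self.active.add((pkt.src, pkt.dst))   # outbound rule: private -> DMZ
            return "ALLOW"
        return self._deny(pkt, "initialization denied")  # inbound rule / default

    def _deny(self, pkt, reason):
        self.denials.append((pkt.src, pkt.dst, reason))
        return "DENY"

def demo():
    # Constructed addresses: Bridge host inside the firewall, DMZ core outside.
    bridge, dmz_core = "10.0.0.5", "192.0.2.10"
    fw = DirectionalFilter()
    verdicts = [
        fw.handle(Packet("private", (bridge, 50000), (dmz_core, SQL_PORT), True)),
        fw.handle(Packet("dmz", (dmz_core, SQL_PORT), (bridge, 50000), False)),
        fw.handle(Packet("dmz", (dmz_core, 50001), (bridge, SQL_PORT), True)),
        fw.handle(Packet("dmz", (dmz_core, SQL_PORT), (bridge, 50002), False)),
    ]
    return verdicts, fw.denials

if __name__ == "__main__":
    print(demo())
```

The last packet in the demo claims to be SQL reply traffic but matches no tracked flow, so it is denied as well; a port-only rule that allowed source port 1433 from the DMZ would have let it through.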
Bridge Configuration
RGT1N = Core outside Firewall
DAWYA01D = Core Inside the Firewall
Bridge Running inside Firewall
Destination Core
Core Inside the Firewall
Status in sync with DMZ core
Maintaining Status
Any Status updates in DMZ core will be propagated to the Central CORE.
Be selective on Bridge rules – the DMZ core should be relatively small, as it would need to transmit all WorldView notifications.
Source CORE is not on the same server as the Bridge instance. Not best practice.
WorldView Notification
NodeView from Private Network: 7774 unblocked for outbound traffic
AgentView with Routing: 7774 unblocked for outbound traffic
Questions and Answers
Any questions?