234 C
OMMAND
C
ENTER
S
ECURE
G
ATEWAY
A
DMINISTRATOR
G
UIDE
CC-SG & SNMP
Simple Network Management Protocol (SNMP) allows CC-SG to push SNMP traps (event
notifications) to an existing SNMP manager on the network. CC-SG also supports SNMP
GET/SET operations with third-party Enterprise Management Solutions, such as HP OpenView.
Communication Direction Port
Number
Protocol
Purpose
Configurable?
SNMP Manager
→
CC-SG
161
UDP
SNMP Get, Set
yes
CC-SG
→
SNMP Manager
162
UDP
Sending Traps
yes
CC-SG & CC-NOC
CC-NOC can optional appliance that can be deployed in conjunction with CC-SG. CC-NOC is a
Raritan network-monitoring appliance that audits and monitors the status of servers, equipment,
and Raritan devices that CC-SG manages.
Communication Direction Port
Number
Protocol
Purpose
Configurable?
CC-SG
↔
CC-NOC
9443
TCP
CC-SG, CC-NOC
Communications
no
CC-SG Internal Ports
CC-SG uses several ports for internal functions and its local firewall function blocks access to
these ports. However, some external scanners may detect these as “blocked” or “filtered”.
External access to these ports is not required and can be further blocked. The ports currently in
use are:
1088, 1098, 2222, 4444, 4445, 8009, 8083 and 8093
In addition to these ports, CC-SG may have a couple of TCP and UDP ports in the 32xxx (or
higher) range open. External access to these ports is not required and can be blocked.
CC-SG Access via NAT-enabled Firewall
If the firewall is using NAT (Network Address Translation) along with possibly Port Address
Translation (PAT), then Proxy mode should be used for all connections that use this firewall.
Moreover, the firewall must be configured for external connections to Ports 80(non-SSL)/443
(SSL)
2
, 8080 and 2400 to be forwarded to CC-SG (since the PC Client will initiate sessions on
these ports).
All In-Band Access (IBA) connections use the CC-SG as the Proxy connection and no additional
configuration is required. Out-of-Band Access (OBA) connections using the firewall must be
configured on the
Setup
Î
Configuration Manager
Î
Connection Mode
menu to use Proxy
mode. This way, CC-SG will connect to the various targets (either IBA or OBA) on behalf of the
PC Client requests. However, the CC-SG will terminate the PC Client to Target TCP/IP
connection that comes through the firewall.
2
It it NOT recommended to run non-SSL traffic through a firewall.
Содержание Command Center CC-SG
Страница 2: ...This page intentionally left blank...
Страница 16: ......
Страница 34: ...18 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Страница 64: ...48 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Страница 122: ...106 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Страница 168: ...152 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Страница 252: ......
Страница 254: ...238 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Страница 258: ...242 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Страница 260: ...244 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...
Страница 268: ...252 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 255 80 5140 00...
Страница 269: ...APPENDIX G FAQS 253...