KS-Soft. Network Management Solutions

Monitor servers behind firewalls

 
Gerhard



Joined: 16 Oct 2006
Posts: 26

Posted: Thu Mar 13, 2008 4:41 am    Post subject: Monitor servers behind firewalls

Dear KS Soft,

We have been using HostMonitor 6.82 and RMA agents 3.44. The RMA agents perform the tests within other domains, which works fine. We are experiencing a lot of problems with monitoring servers within our DMZ, which have different VLANs and different firewalls. Within the DMZ we use 2 RMA agents to perform the tests, but when accessing a different VLAN the tests have to go through another firewall. Within our DMZ network it is not an option to say open all TCP ports above 1024. Is it possible to give me an overview with test items and used ports?

Regards,

Gerhard
KS-Soft Europe



Joined: 16 May 2006
Posts: 2832

Posted: Thu Mar 13, 2008 5:18 am    Post subject: Re: Monitor servers behind firewalls

Gerhard wrote:
Within our DMZ network it is not an option to say open all TCP ports above 1024. Is it possible to give me an overview with test items and used ports?

Not sure this information helps you. HostMonitor uses standard ports and protocols because it checks standard services and servers. Everything depends on the tests that you want to implement. For instance, the URL test uses port 80 (HTTP) or 443 (HTTPS). The SMTP and POP3 tests use ports 25 and 110 respectively. The SNMP test requires port 161, etc.

Windows RPC calls may use any port above 1023.
HostMonitor uses Windows RPC for the following test methods:
- nt eventlog test
- services test
- performance counter test
- cpu usage
- WMI test

HostMonitor uses Windows network client calls to perform the following tests:
- drive free space
- folder/file size
- count files
- file integrity
- text log
- compare file, etc.
This means the port and protocol depend on the network client that you are using. E.g. NETBIOS uses ports 137-139.

Probably, you have to try to install "Active RMA" into the different VLANs. "Active RMA" was introduced in version 7.0 and works slightly differently from "Passive RMA". Active RMA does not wait for a TCP connection from HostMonitor like the regular RMA (now called Passive RMA). Active RMA itself establishes the connection with HostMonitor and RMA Manager. This allows you to install RMA inside a private network protected by a firewall without the need to open any TCP port (Passive RMA requires 1 open TCP port). Active RMA also allows you to monitor a system that does not have a fixed IP address, e.g. a system that connects to the network using a temporary dial-up connection.
http://www.ks-soft.net/hostmon.eng/rma-win/activerma.htm

Regards,
Max
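A small planner for the port overview discussed in the reply above, added here as an example (it is not KS-Soft code): it turns a test inventory into the fixed-port rules to permit between VLANs and lists the RPC-based tests that are better run from an RMA inside the target VLAN. The method keys, host names and VLAN names are hypothetical, and it assumes NETBIOS as the network client and no firewall between an agent and targets in its own VLAN.

```python
# Added example, not KS-Soft code. Ports are the ones named in the reply above.
FIXED_PORTS = {"url_http": [80], "url_https": [443], "smtp": [25],
               "pop3": [110], "snmp": [161]}
# Test methods the reply lists as using Windows RPC (any port above 1023).
RPC_METHODS = {"nt_eventlog", "services", "performance_counter",
               "cpu_usage", "wmi"}
# File-based tests use the Windows network client; this sketch assumes
# NETBIOS (ports 137-139), the one example the reply gives.
FILE_METHODS = {"drive_free_space", "folder_file_size", "count_files",
                "file_integrity", "text_log", "compare_file"}
NETBIOS_PORTS = [137, 138, 139]


def plan(tests):
    """tests: iterable of (method, agent_vlan, target_host, target_vlan).

    Returns (rules, relocate): rules are (agent_vlan, target_host, port)
    tuples to permit; relocate are (target_vlan, method, target_host) tests
    that would need the dynamic RPC range, so an RMA in that VLAN fits better.
    """
    rules, relocate = set(), set()
    for method, agent_vlan, host, target_vlan in tests:
        if method not in FIXED_PORTS.keys() | RPC_METHODS | FILE_METHODS:
            raise ValueError(f"unknown test method: {method}")
        if agent_vlan == target_vlan:
            continue  # assumption: no firewall between agent and target
        if method in RPC_METHODS:
            relocate.add((target_vlan, method, host))
        else:
            ports = FIXED_PORTS.get(method, NETBIOS_PORTS)
            rules.update((agent_vlan, host, port) for port in ports)
    return sorted(rules), sorted(relocate)


# Constructed inventory; host and VLAN names are placeholders.
SAMPLE = [
    ("url_https", "dmz-a", "web01", "dmz-b"),
    ("smtp", "dmz-a", "mail01", "dmz-b"),
    ("services", "dmz-a", "web01", "dmz-b"),
    ("cpu_usage", "dmz-a", "app01", "dmz-a"),   # same VLAN: nothing to open
    ("text_log", "dmz-a", "web01", "dmz-b"),
]

if __name__ == "__main__":
    rules, relocate = plan(SAMPLE)
    print("permit:", rules)
    print("run from an RMA inside the target VLAN:", relocate)
```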
V Arun



Joined: 11 Apr 2004
Posts: 52

Posted: Wed Mar 26, 2008 10:24 am

Normally, in well-secured firewall configurations, access lists within DMZs are very restrictive. Even if they are in the same subnet or VLAN, traffic flow is denied by default unless explicitly permitted.

If you'd like to avoid opening multiple ports, the best option would be to install an RMA agent in each monitored host within the DMZs. This might cost you a bit, but it is worth the hassle.
losisoft



Joined: 21 Mar 2008
Posts: 43

Posted: Thu Mar 27, 2008 8:29 am

I agree. Install the agent in the DMZ network and test it from there. That's the easiest. And you only need to open a port to one machine.
All times are GMT - 6 Hours