The FTP communication is configured as an extended passive FTP connection, with the
managed devices serving as the FTP servers and the 5620 SAM Server and 5620 SAM
Auxiliary acting as the FTP client.
Extended passive FTP connections use dynamically-allocated ports on both sides of the
communication channel, and are ephemeral in nature. As such, the data sent from the
managed devices will be sent from a port in the range of 1024-65536. This data will be
sent to the 5620 SAM Server on a port in the range of 1024-65536. Support for
EPSV/EPRT ftp commands (commands that can replace PASV/PORT commands) must
be enabled for connections to the 7x50 family of routers.
Firewall and NAT rules
Firewall and NAT rules
Firewall rules are applied to the incoming network interface traffic of the 5620 SAM
workstations. As a rule, firewall rules are not applied to the outgoing network interface
traffic.
For 5620 SAM installations using RHEL as the Operating System, the RHEL supplied
firewall can be used to filter network traffic using filter rules lists. Only experienced
system administrators with extensive knowledge of the RHEL firewall should attempt to
implement the filter rules lists provided with each 5620 SAM component. All others
should disable the RHEL firewall.
The installation of each 5620 SAM component will include the filter rules lists to be
applied for successful communication between different 5620 SAM components, OSS
Clients, and Network Elements. The table below defines the location
Table 7-2 Sample iptables filter rules lists file locations
SAM Component Protocol File Location
SAM Server IPv4 /opt/5620sam/server/nms/sample/firewall/iptables_MainServer
SAM Server IPv6 /opt/5620sam/server/nms/sample/firewall/ip6tables_MainServer
SAM Database IPv4 /opt/5620sam/samdb/install/nms/sample/firewall/iptables_Database
SAM Database IPv6 /opt/5620sam/samdb/install/nms/sample/firewall/ip6tables_Database
Statistics/Call Trace
Auxiliary
IPv4 /opt/5620sam/auxserver/nms/sample/firewall/iptables_AuxServer
Statistics/Call Trace
Auxiliary
IPv6 /opt/5620sam/auxserver/nms/sample/firewall/ip6tables_AuxServer
Cflowd Auxiliary IPv4 /opt/5620sam/dcp-13_0R7/util/firewall/iptables_CflowdServer
SAM Client IPv4 <base client install dir>/nms/sample/firewall/iptables_Client
SAM Client IPv6 <base client install dir>/nms/sample/firewall/ip6tables_Client
Security FTP between the 5620 SAM Server and 5620 SAM Auxiliary
Statistics Collector and the managed network
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
7-16
5620 SAM
3HE-09809-AAAG-TQZZA 13.0 R7
Issue 1 December 2015
To Next Page
Loading...
