Table 7-2 Sample iptables filter rules lists file locations (continued)

SAM Component        Protocol  File Location
SAM Client Delegate  IPv4      <base client install dir>/nms/sample/firewall/iptables_DelegateServer
SAM Client Delegate  IPv6      <base client install dir>/nms/sample/firewall/ip6tables_DelegateServer

All rules must be considered in full for the 5620 SAM systems to interoperate correctly. The following tables define the rules to be applied to each 5620 SAM workstation. Within each section, a number of conditions indicate whether or not a particular table needs to be applied.
See “Using Network Address Translation” (p. 8-9) for supported NAT configurations.
5620 SAM server firewall and NAT rules
When there is a firewall at the 5620 SAM Server(s) interface that reaches the managed network (NIC 2 on Figure 8-2, “Distributed 5620 SAM Server/Database deployment with multiple network interfaces” (p. 8-4)), the following firewall rules need to be applied.

Table 7-3 SNMP Firewall rules for traffic between the 5620 SAM Server(s) and the managed network

Protocol  From port  On               To port  On               Notes
UDP       Any        Managed Network  162      Server(s)        SNMP trap initiated from the NE
UDP       >32768     Server(s)        161      Managed Network  SNMP request
UDP       Any        Server(s)        8001     Managed Network  SNMP for 9471 WMM
UDP       161        Managed Network  >32768   Server(s)        SNMP response
TCP       >32768     Server(s)        1491     Managed Network  SNMP TCP Streaming
TCP       1491       Managed Network  >32768   Server(s)        SNMP TCP Streaming
UDP       >32768     Managed Network  6633     Server(s)        OpenFlow
UDP       6633       Server(s)        >32768   Managed Network  OpenFlow

Note: Due to the size of SNMP packets, IP fragmentation may occur in the network.
Ensure the firewall will allow fragmented packets to reach the server(s).
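
The following added example (not part of the 5620 SAM documentation or its sample iptables files) turns the rows of Table 7-3 into host firewall rules for the server interface that faces the managed network, including a rule for the fragments mentioned in the note. The interface name eth1, the MGMT_IF variable and the snmp_rules function are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit iptables-restore rules for Table 7-3 on a 5620 SAM server.
# MGMT_IF (the interface facing the managed network) is an assumed name.

# Table 7-3 rows: proto  src_port  src_side  dst_port  dst_side
# ">32768" in the table is written here as the range 32769:65535.
TABLE_7_3='udp any net 162 srv
udp 32769:65535 srv 161 net
udp any srv 8001 net
udp 161 net 32769:65535 srv
tcp 32769:65535 srv 1491 net
tcp 1491 net 32769:65535 srv
udp 32769:65535 net 6633 srv
udp 6633 srv 32769:65535 net'

# snmp_rules IFACE -> prints a *filter section in iptables-restore format
snmp_rules() {
    iface=$1
    echo '*filter'
    printf '%s\n' "$TABLE_7_3" | while read -r proto sport src dport dst; do
        # Traffic addressed to the server is INPUT, traffic it sends is OUTPUT.
        if [ "$dst" = srv ]; then chain=INPUT; dir=-i; else chain=OUTPUT; dir=-o; fi
        rule="-A $chain $dir $iface -p $proto"
        [ "$sport" = any ] || rule="$rule --sport $sport"
        echo "$rule --dport $dport -j ACCEPT"
    done
    # Non-first IPv4 fragments carry no UDP header, so the port matches above
    # cannot see them; -f admits them (only relevant when conntrack is not
    # reassembling packets before the filter table).
    echo "-A INPUT -i $iface -p udp -f -j ACCEPT"
    echo 'COMMIT'
}

snmp_rules "${MGMT_IF:-eth1}"
```

The output contains ACCEPT rules only, so it takes effect where the chain policy or a later rule drops other traffic; loading it with iptables-restore --noflush keeps the existing rules in place.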

Table 7-4 Telnet / FTP Firewall rules for traffic between the 5620 SAM Server(s) and the managed network

Protocol  From port  On               To port  On               Notes
TCP       >32768     Server(s)        23       Managed Network  Telnet request
TCP       23         Managed Network  >32768   Server(s)        Telnet response

5620 SAM
3HE-09809-AAAG-TQZZA 13.0 R7
Issue 1 December 2015