When a firewall and NAT are configured to the 5620 SAM Server at the SAM client
interface (NIC 3 on
Figure 8-2, “Distributed 5620 SAM Server/Database deployment
with multiple network interfaces” (p. 8-4)
) the following rules need to be applied to
allow the OSS clients to retrieve the logToFile accounting statistics information. Services
require the use of public addresses.
Table 7-12 Additional firewall rules required to allow services on the 5620 SAM
client(s) to communicate with the 5620 SAM Server if NAT is used.
Protocol From port On To port On
TCP Any Server Public Address 21 Server Private Address
TCP 21 Server Public Address Any Server Private Address
TCP > 1023 Server Public Address > 1023 Server Private Address
When there is a firewall at the interface that reaches the SAM management network (NIC
1on
Figure 8-2, “Distributed 5620 SAM Server/Database deployment with multiple
network interfaces” (p. 8-4)
), the following rules apply.
Table 7-13 Firewall rules for traffic coming into the 5620 SAM Server(s) from the
5620 SAM Database Server(s)
Protocol From port On To port On
TCP 1523 Database Server(s) Any Server(s)
TCP 9002 Database Server(s) Any Server(s)
When there is a firewall at the SAM management interface (NIC 1 on Figure 8-2,
“Distributed 5620 SAM Server/Database deployment with multiple network interfaces”
(p. 8-4)
) and 5620 SAM Server redundancy is configured, then the following rules need
to be applied. Configuration needs to be in both directions to handle an activity switch. If
multiple interfaces are used for communication to the clients (GUI and OSS) and
auxiliary servers, the network traffic from the 5620 SAM Servers and 5620 SAM
Auxiliaries could pass through the SAM client interface (NIC 3 on
Figure 8-2,
“Distributed 5620 SAM Server/Database deployment with multiple network interfaces”
(p. 8-4)
) or the SAM network interface (NIC 1 on Figure 8-2, “Distributed 5620 SAM
Server/Database deployment with multiple network interfaces” (p. 8-4)
) on the 5620
SAM Server. Configuration needs to be in both directions to handle an activity switch.
Table 7-14 Firewall rules for setups with redundant 5620 SAM Servers.
Protocol From port On To port On
TCP Any Servers 22 Servers
TCP 22 Servers Any Servers
TCP Any Servers 8087 Servers
Security Firewall and NAT rules
....................................................................................................................................................................................................................................
....................................................................................................................................................................................................................................
5620 SAM
3HE-09809-AAAG-TQZZA 13.0 R7
Issue 1 December 2015
7-21
To Next Page
Loading...
