TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
Hi Marc, you are entering the danger zone here! Firstly your plug-gw has to be fully transparent on the IP layer, because all traffic from and to the sensors is encrypted. Why not use a packet filter anyway? Secondly there is an issue with NAT and RS 6.0, so if you talk to other IP-adresses than the sensors actually have you got a problem. This is promised to be fixed in Rel. 6.5 of netsensor coming this month. There may be other issues I am not aware of right now. I would strongly recommend to use either a p/f or an out-of-band mgmt lan (requ. dual homed hosts in the dmz!) to talk to the sensors. Karl m p schrieb: > > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! > ---------------------------------------------------------------------------- > > Hi, > > we are deploying ServerSensors 5.5 to some web-servers in a DMZ which is only > connected to our internal LAN through a maintenance link. We can not access > these sensors directly only through a plug-gw. > > The layout is the following: > > LAN > | > | > A. FW-1 with plug-gw > listening on port 12998, 22998 and 1902, 2902 > | > | (maintenance link) > | > B. FW-1 with the internet uplink <-> Internet > | | > | | > | | > DMZ 1 DMZ 2 > C. Host listening D. Host listening > on 2998 and 2902 on 2998 and 2902. > > The ports 12998 and 1902 on host A. are forwarded via the plug-gw to host C. > 2998 and 1902. > The ports 22998 and 2902 on host A. are forwarded via the plug-gw to host D. > > Host A. and B. are allowing the connections (seeing an "accept"-log entry in > the firewall log). > > Is there anybody else using RealSecure and plug-gw for their DMZ's? > Any know issues? > Or has anyone a better idea for providing the connectivity requiered for the > sensors? > > Thanks in advance > > Marc > > __________________________________________________________________ > > Gesendet von Yahoo! Mail > http://mail.yahoo.de -- ------------------------- BDG GmbH & Co.KG Make IT Safe! Wendelinstrasse 1 50933 Köln Germany Tel: +49+221/954231-0 Fax: +49+221/954231-31 eMail: [EMAIL PROTECTED] Web: www.bdg.de -------------------------
