PCM+ Agent with ONE zl Module Installation and Getting Started Guide 2009-11
Getting Started
Example PCM+ Agent Module Deployment
Firewall Access Policies. Traffic between the PCM+ 3.10 Server (External)
and the PCM+ Agent Module (Zone1) goes through the TMS zl Module (Self).
These policies allow the traffic through the firewall.
External to Self
Self to Zone1
Connecting to the Agent’s Web Browser Interface
From inside the firewall you would connect to the Agent’s Web browser
interface just as you normally do, using the Agent’s IP address:
https://172.17.2.2:8080
For connections from outside the firewall, a firewall access policy has been
set to allow connection to the Agent’s Web browser interface (from the public
network to the private network). To open the Agent’s Web browser interface
from outside the firewall, point your browser to the following URL, the NAT
output of the PCM+ Agent Module’s private IP address (172.17.2.2):
https://42.167.195.23:8080
This IP address (42.167.195.23) appears in the Agent Manager as the Agent’s IP
address. The Agent Web browser interface, however, shows the Agent’s private
network address. To simplify identifying an Agent, add text describing its
location and private IP address to the Agent Description.
NOTE: Access policies are also added for SSH, to enable secure communication using
SSH (v2) with the Agent’s CLI (HP PCM Agent Main Menu) through the firewall.
We recommend that you change the SSH default password (procurve) from
the 1. Configuration menu by choosing 3. SSH Login Password.
Action          From      To     Service         Source         Destination
Permit Traffic  External  Self   ICMP            42.167.195.21  42.167.195.23
Permit Traffic  External  Self   TCP/Port 8080   42.167.195.21  42.167.195.23
Permit Traffic  External  Self   TCP/Port 51111  42.167.195.21  42.167.195.23
Permit Traffic  External  Self   SSH             42.167.195.21  42.167.195.23

Action          From      To     Service         Source         Destination
Permit Traffic  Self      Zone1  ICMP            Any Address    Any Address
Permit Traffic  Self      Zone1  TCP/Port 51111  Any Address    172.17.2.2
Permit Traffic  Self      Zone1  SSH             Any Address    172.17.2.2
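
As an added example (not part of the HP guide), the two access-policy tables above can be modelled in Python to check which flows each table permits and which rows use "Any Address". It assumes that traffic matching no Permit row is dropped; the host 42.167.195.50, the Telnet service label and all function names are constructed for illustration.

```python
# Added example: models the two access-policy tables from this page.
# Assumption: traffic matching no "Permit Traffic" row is denied (default deny).
from ipaddress import ip_address

ANY = "Any Address"

# (from_zone, to_zone, service, source, destination), copied from the tables.
RULES = [
    ("External", "Self", "ICMP", "42.167.195.21", "42.167.195.23"),
    ("External", "Self", "TCP/Port 8080", "42.167.195.21", "42.167.195.23"),
    ("External", "Self", "TCP/Port 51111", "42.167.195.21", "42.167.195.23"),
    ("External", "Self", "SSH", "42.167.195.21", "42.167.195.23"),
    ("Self", "Zone1", "ICMP", ANY, ANY),
    ("Self", "Zone1", "TCP/Port 51111", ANY, "172.17.2.2"),
    ("Self", "Zone1", "SSH", ANY, "172.17.2.2"),
]


def _addr_ok(rule_addr, addr):
    """A rule address matches if it is 'Any Address' or the same IP."""
    return rule_addr == ANY or ip_address(rule_addr) == ip_address(addr)


def permitted(from_zone, to_zone, service, src, dst, rules=RULES):
    """Return True if some permit row matches the flow; otherwise it is denied."""
    return any(
        (fz, tz, svc) == (from_zone, to_zone, service)
        and _addr_ok(rs, src) and _addr_ok(rd, dst)
        for fz, tz, svc, rs, rd in rules
    )


def wildcard_rules(rules=RULES):
    """Return the rows whose source or destination is 'Any Address'."""
    return [r for r in rules if ANY in (r[3], r[4])]


if __name__ == "__main__":
    nat_ip = "42.167.195.23"
    # PCM+ server to the NAT address on TCP 51111: matches a permit row.
    print(permitted("External", "Self", "TCP/Port 51111", "42.167.195.21", nat_ip))
    # Constructed host 42.167.195.50 appears in no row: denied.
    print(permitted("External", "Self", "SSH", "42.167.195.50", nat_ip))
    # Rows to look at when reviewing how broad the policy is.
    for row in wildcard_rules():
        print("uses Any Address:", row)
```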