VERITAS Enterprise Administrator User's Guide 5.0 (September 2006)

36 Using the VEA
Firewall support
Example 1
If a.b.c.d is a firewall machine, then:
Port 1234 on a.b.c.d = 2148 on veaserver1, and
Port 3456 on a.b.c.d = 2148 on veaserver2
...
and so on.
Now, if the client wishes to connect to veaserver1, it should specify the following
in the connection box:
a.b.c.d:1234
This then connects to veaserver1 and displays veaserver1 in the connected hosts,
history and favorites databases. The firewall:port combination is stored in the wallet for
subsequent connection to the server if requested by the user.
Example 2
client ---> Internet ---> firewall ---> server
and
client ---> firewall ---> server
We need to do the following:
1 Allow for an alias of port 2148 on server A to be a particular port on the firewall
machine.
2 Let Pf be the port on the firewall machine F which is an alias for port 2148 on server
A.
3 Connect using the GUI to port Pf on F. You are actually managing server A.
Note: VEA uses anonymous Diffie-Hellman key exchange and is therefore vulnerable to
man-in-the-middle attacks. It is therefore recommended that SSH or some other kind of
tunnelling software be used when going across the Internet. If SSH is used, set up port
forwarding from the client to firewall port Pf and use SSH to tunnel.
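The reason behind the note, as an added example (not VEA code or anything from the original guide): in an anonymous exchange neither endpoint can tell whose public value it received, so a substitution in transit goes unnoticed unless the values are checked over a separate channel, which is the role the SSH host key check plays when the connection is tunnelled. The group parameters are toy-sized, and the function names and the fingerprint comparison are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group for readability only: p = 2**31 - 1 is prime and 7 generates its
# multiplicative group. Real deployments use groups of 2048 bits or more.
P, G = 2**31 - 1, 7

def keypair():
    """Return (private exponent x, public value G**x mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def session_key(own_private, peer_public):
    """Hash the Diffie-Hellman shared secret into a session key."""
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(shared.to_bytes(4, "big")).hexdigest()

def fingerprint(client_public, server_public):
    """Short digest of the public values one endpoint saw (compared out of band)."""
    data = client_public.to_bytes(4, "big") + server_public.to_bytes(4, "big")
    return hashlib.sha256(data).hexdigest()[:16]

def exchange(on_path_keypair=None):
    """One anonymous exchange. If on_path_keypair is given, a party between
    client and server replaces each public value in transit with its own."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    if on_path_keypair is None:
        to_server, to_client = c_pub, s_pub
    else:
        to_server = to_client = on_path_keypair[1]
    return {
        "client_key": session_key(c_priv, to_client),
        "server_key": session_key(s_priv, to_server),
        "client_fp": fingerprint(c_pub, to_client),
        "server_fp": fingerprint(to_server, s_pub),
        "client_pub": c_pub,
        "server_pub": s_pub,
    }

if __name__ == "__main__":
    clean = exchange()
    print("direct:      keys match:", clean["client_key"] == clean["server_key"],
          "| fingerprints match:", clean["client_fp"] == clean["server_fp"])
    tampered = exchange(on_path_keypair=keypair())
    print("substituted: keys match:", tampered["client_key"] == tampered["server_key"],
          "| fingerprints match:", tampered["client_fp"] == tampered["server_fp"])
```

In the substituted run each endpoint completes the exchange without error; only the fingerprint comparison, which needs a channel the on-path party does not control, shows that the two sides saw different values.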