ITO Has Two Interfaces -- Need Firewall Advice (8 Views)
Reply
Honored Contributor
Mike McKinlay
Posts: 565
Registered: ‎03-17-1999
Message 1 of 4 (8 Views)
Accepted Solution

ITO Has Two Interfaces -- Need Firewall Advice

We put a second interface into our HP-UX 11.x, ITO 5.3 system in order to allow OmniBack to talk directly to some firewalled systems. Now we're seeing a little confusion on the part of the ITO side of the system and whether it should talk to interface 1 (original ITO) or 2 (new OB).

The firewall is configured as per the HP documentation so that specific ports are opened for the RPC conversations.

What I think I'd like to do is move the ITO traffic to the second interface. That entails configuring the firewall, but it also affects the RPC_RESTRICTED_PORTS setting, which appears to lock in on the first interface it finds, rather than the one I'd like to apply it against.

Has anyone had some experience with the multiple interface issue with ITO? Caveats, hints, tips?

The worst part about this is everything was working prior to a system panic yesterday. Now I can't get OB to work with any of the systems or ITO either. The OB was configured by someone else when the second interface came in, so I'm thinking there were dynamic settings made after the system boot (when the NIC was installed) that were not written to conf files.

Thanks to everyone!
"Hope springs eternal."
Please use plain text.
Honored Contributor
Vladislav Demidov
Posts: 713
Registered: ‎05-12-2000
Message 2 of 4 (8 Views)

Re: ITO Has Two Interfaces -- Need Firewall Advice

Try to add OPC_IP_ADDRESS parameter to /opt/OV/bin/OpC/install/opcsvinfo file and restart opcserver:
ovstop opc ovoacomm
ovstart ovoacomm opc
You also have to change configuration of all agent to speek only to second interface of management server.
add OPC_IP_RESOLVE parameter to opcinfo file on all managed nodes.
Please use plain text.
Honored Contributor
Mike McKinlay
Posts: 565
Registered: ‎03-17-1999
Message 3 of 4 (8 Views)

Re: ITO Has Two Interfaces -- Need Firewall Advice

Guess multiple spaces don't work in messages, either!
"Hope springs eternal."
Please use plain text.
Honored Contributor
Mike McKinlay
Posts: 565
Registered: ‎03-17-1999
Message 4 of 4 (8 Views)

Re: ITO Has Two Interfaces -- Need Firewall Advice

Vlad, thanks for the response. Can you clarify for me the following: given your solution, will ITO continue to respond on the original interface to the agents already configured to it?

-------
| |
| ITO |
| |
-------
/
/
IP1 IP2
| |
client- F-W
client- |
client- -client
client- -client
client- -client


"Hope springs eternal."
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation