IBM Tivoli Monitoring > Version 6.3 Fix Pack 2 > Installation Guides > Installation Guide > Firewalls > Determine which option to use

IBM Tivoli Monitoring, Version 6.3 Fix Pack 2


Permission at the firewall

If the network configuration allows traditional connection flow, the next consideration is what firewall permissions, if any, are required of the firewall that separates the private, trusted server network from the public, untrusted client network. For simplicity the firewall between these disjoint networks is referred to as the barrier firewall.

If all ports are permitted across the barrier firewall, then server address continuity becomes a consideration (see Server address continuity).

If no ports are permitted at the barrier firewall, then to achieve interoperability among components in this firewall environment, full-duplex traffic must be permitted by the firewall administrator for as many ports as there are servers being concurrently accessed. For example, if Tivoli Enterprise Monitoring Agents are accessing only the Tivoli Enterprise Monitoring Server, then only one port must be permitted (for full-duplex traffic) or opened at the barrier firewall. This is the well-known monitoring server port (the default is 1918 for IP.PIPE, 3660 for IP.SPIPE). If agents are accessing two servers concurrently, a monitoring server and a Warehouse Proxy server, then two ports must be opened at the firewall, one for the monitoring server (typically 1918), and one for the Warehouse Proxy (typically 63358) for interoperability in this firewall environment.


Parent topic:

Determine which option to use

+

Search Tips   |   Advanced Search