
IBM Tivoli Monitoring, Version 6.3 Fix Pack 2


Firewall scenarios for Tivoli Enterprise Portal

The diagrams contained in this section illustrate several firewall scenarios using various combinations of the IBM Tivoli integral Web server, an external Web server (such as Apache or IBM HTTP Server), NAT, and a second NIC on the Tivoli Enterprise Portal Server computer.

These scenarios can help you to define the Tivoli Enterprise Portal Server interface.

Figure 1 shows a scenario with the following configuration:

Figure 1. Intranet with integral Web server

The default Tivoli Enterprise Portal Server interface "cnps" is used. No additional interface definitions are needed. Browser mode users, whether going through the firewall or not, start Tivoli Enterprise Portal at:

or substitute the host name for the IP address.

For configurations using the integrated Web server and these port numbers, use the default cnps interface definition.

In this scenario, the monitoring server and agents can be installed on the Tivoli Enterprise Portal Server computer.

Figure 2 shows a scenario that has the following configuration:

Figure 2. Intranet with external Web server

Browser mode users, whether going through the firewall or not, start Tivoli Enterprise Portal Server with

(where mydirectory is the alias), or substitute the host name for the IP address.

For intranet configurations using an external Web server, with no NAT, you do not need to add a new interface definition. Web server port 80 is used automatically when none is specified in the URL.

In this scenario, the monitoring server and agents can be installed on the Tivoli Enterprise Portal Server computer.

Figure 3 shows the following two-part configuration:

Figure 3. Intranet with integral Web server; Internet with external Web server

Intranet users can enter the URL for either the integral Web server or the external Web server:

Internet users enter the URL for the NATed address:

(or substitute the host name for the IP address).

The Internet configuration requires a new Tivoli Enterprise Portal Server interface named "internet", with proxy host address 198.210.32.34 and port number 15002. The intranet firewall uses the "cnps" definition.

In this scenario, the monitoring server and agents cannot be installed on the Tivoli Enterprise Portal Server computer.

Figure 4 shows the following three-part configuration:

Figure 4. Intranet and Internet with integral and external Web servers

The intranet firewall configuration requires a new Tivoli Enterprise Portal Server interface named "intranet", which uses proxy host 192.168.1.100 and port 15003.

The Internet DMZ configuration requires a new Tivoli Enterprise Portal Server interface definition.

The Internet configuration uses the same Tivoli Enterprise Portal Server "internet" interface definition as the previous scenario: proxy host 198.210.32.34 and port 15002.

In this scenario, the monitoring server and agents cannot be installed on the Tivoli Enterprise Portal Server computer.

Figure 5 shows the following two-part configuration:

Figure 5. Two host addresses, intranet and Internet, with integral and external Web servers

The intranet firewall configuration uses the same Tivoli Enterprise Portal Server interface definition (named "intranet") as in the scenario shown in Figure 4: http://10.10.10.10; proxy host 192.168.1.100; and port 15003.

The intranet DMZ configuration uses the default Tivoli Enterprise Portal Server interface definition: host 192.168.33.33; proxy host 198.210.32.34; port 15002; and proxy port 444.

In this scenario, the monitoring server and agents cannot be installed on the Tivoli Enterprise Portal Server computer.
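
The following Python script is an added example, not part of the original guide or IBM's code: it audits interface definitions like the "internet" and "intranet" ones used in Figures 3 to 5 and lists the port each interface uses, so the result can be compared with the firewall rule set. It assumes the definitions are stored as `KFW_INTERFACES` and `KFW_INTERFACE_<name>_*` settings (names this page does not list) and that the default "cnps" interface uses port 15001; the sample text is constructed from the proxy hosts and ports quoted above.

```python
import re

# Constructed sample in the style of the portal server environment settings,
# filled with the "internet" and "intranet" values quoted on this page.
SAMPLE = """\
KFW_INTERFACES=cnps internet intranet
KFW_INTERFACE_internet_PROXY_HOST=198.210.32.34
KFW_INTERFACE_internet_PORT=15002
KFW_INTERFACE_intranet_PROXY_HOST=192.168.1.100
KFW_INTERFACE_intranet_PORT=15003
"""

DEFAULT_PORT = 15001  # assumption: default port of the "cnps" interface
_KEY = re.compile(r"^KFW_INTERFACE_(\w+?)_(PROXY_HOST|PROXY_PORT|HOST|PORT)$")


def parse_interfaces(text):
    """Return ({declared name: settings}, [names with settings but not declared])."""
    declared, fields = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "KFW_INTERFACES":
            declared = value.split()
        elif (m := _KEY.match(key)):
            fields.setdefault(m.group(1), {})[m.group(2)] = value
    orphans = sorted(set(fields) - set(declared))
    return {name: fields.get(name, {}) for name in declared}, orphans


def audit(text):
    """Return (listeners, findings) for the interface definitions in text."""
    interfaces, orphans = parse_interfaces(text)
    findings = [f"{n}: defined but not listed in KFW_INTERFACES" for n in orphans]
    listeners, seen = [], {}
    for name, cfg in interfaces.items():
        port = int(cfg.get("PORT", DEFAULT_PORT))
        if port in seen:  # two interfaces cannot be told apart on one port
            findings.append(f"{name}: port {port} already used by {seen[port]}")
        seen.setdefault(port, name)
        if name != "cnps" and "PROXY_HOST" not in cfg:
            findings.append(f"{name}: additional interface has no PROXY_HOST")
        listeners.append((name, cfg.get("PROXY_HOST"), port))
    return listeners, findings
```

Each tuple returned in `listeners` is (interface name, proxy host, port); any port that appears there without a matching firewall rule, or any firewall rule without a matching interface, is worth reviewing.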

