Hi.
I think that Robert is not 100% right.
All Site Protector (SP) components ask during installation which IP address
to bind to (through which interface the component will communicate with
others). So, if you have the Application Server (AS) on a computer with multiple
IP addresses, you can use ONLY ONE to connect to with the console, i.e. the AS can
operate only via one IP, and it is stored in the Site DB (see the Sites table). The
same situation applies to the Desktop Controller. It means that if you have
Desktop Agents in two different network segments without routing between
them, you have to install two Desktop Controllers - one for each segment.
But the Event Collector (EC) can pull events from different segments via
different NICs, probably because the EC is a client for the sensors.
As for me, I think that it is not right when an SP component can operate only
through one IP, because it is recommended to configure stealth mode for
sensors, and it can be done for RNE without problems, but for RSV it isn't
always possible because usually communication with SP components goes
through the company's production network. So, if ISS decides to modify the EC
so that it is able to operate through only one IP, we'll have to
configure routing between the out-of-band segment with the sensors' management
interfaces and protect that segment with a firewall OR install multiple ECs:
one for the out-of-band segment, another for the common VLANs, etc.
So, I think it is desirable for SP components to listen on all IPs on
the box they are installed on. But now it is not so.
---
Best regards, Sergey V. Soldatov.
tel/fax +7 095 745 89 50 (2663)
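
An added example, not part of the original messages and not ISS code: it shows the difference between a listener bound to one IP and one bound to all addresses, using the same "connect to the port" check that the quoted reply below suggests. The function names are hypothetical, and the loopback addresses 127.0.0.1 and 127.0.0.2 are constructed stand-ins for two NICs (assumes a host, such as Linux, where all of 127.0.0.0/8 is local).

```python
import socket

# Constructed stand-ins for the addresses of two NICs on one server.
LOCAL_IPS = ["127.0.0.1", "127.0.0.2"]


def start_listener(bind_ip):
    """Listen on bind_ip using an OS-chosen free port; return (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_ip, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def can_connect(dest_ip, port, timeout=2.0):
    """The 'telnet to the port' check: True if the TCP handshake completes."""
    try:
        with socket.create_connection((dest_ip, port), timeout=timeout):
            return True
    except OSError:
        # Refused, unreachable or timed out: no service on that address.
        return False


def reachability(bind_ip, local_ips):
    """Bind a listener to bind_ip and report which local addresses reach it."""
    srv, port = start_listener(bind_ip)
    try:
        return {ip: can_connect(ip, port) for ip in local_ips}
    finally:
        srv.close()


if __name__ == "__main__":
    # Bound to a single IP: only that address answers.
    print("bind 127.0.0.1:", reachability("127.0.0.1", LOCAL_IPS))
    # Bound to the wildcard address: every local address answers.
    print("bind 0.0.0.0:  ", reachability("0.0.0.0", LOCAL_IPS))
```
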
From: "Duncanson, Robert" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
Date: 19.08.2004 12:40
Subject: RE: [ISSForum] Siteprotector managing multiple IP segments using two NICs
Mustapha,
Yes, TCP/IP-level decisions are made by the operating system, not by
SiteProtector. In other words, as long as there is IP connectivity to
the sensor, SiteProtector will be able to connect. The simplest check is
to telnet to the sensor on port 2998, 901 (Network Sensor) or 902 (Server
Sensor).
Note: In some cases when NAT (Network Address Translation) is used
between SiteProtector and sensor, SiteProtector needs a particular
configuration. You can find good information in the product
documentation itself, as well as the ISS knowledgebase.
Cheers,
Robert
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 18 August 2004 05:41
To: [EMAIL PROTECTED]
Subject: [ISSForum] Siteprotector managing multiple IP segments using two NICs
Realsecure Siteprotector 2 SP4
Windows 2000 server SP4
MS-SQL SP3
Is it possible to manage two/multiple sensors in different IP segments
using one Siteprotector (Application server, Event Collector and DB)
with two/multiple NICs for management? Is there an issue with running
the application server/Event collector daemons on the Siteprotector with
multiple NICs?
regards
Mustapha
MUSTAPHA HUNEYD, CISSP
Emirates Telecommunications Corporation
Mob:+971506625859 Tel: +97126184804
_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]
The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.