
RE: [ISSForum] Siteprotector managing multiple IP segments using two NICs



Now I have AS's IP in out-of-band VLAN for Sensor Controller to control
RNEs. DC's IP is in common VLAN with users' desktops. I don't want to
create a permanent route between out-of-band VLAN and common VLAN; I think
that it's wrong (although it is the situation described in ISS's
"Introduction to SP" student's guide).

Please correct me if it isn't so.
---
Best regards, Sergey V. Soldatov.
tel/fax +7 095 745 89 50 (2663)


-----Original Message-----
From: "Ballerini, Jean Paul (ISS EMEA)" <JPBallerini@xxxxxxx>
Sent: 20.08.2004 15:58
To: "Sergey V Soldatov" <SVSoldatov@xxxxxx>, <robert.duncanson@xxxxxxxxxxxxx>
Cc: <mhbengal@xxxxxxxxx>, "issforum@xxxxxxxxxxxxxxxx" <issforum@xxxxxxx>
Subject: RE: [ISSForum] Siteprotector managing multiple IP segmentsusing twoNICs

Sergey,

You are correct that it should be able to use multiple NICs without
further issues and we are working on it.
Though you really only need to add a permanent route in order to connect
both to the AS and to the DC. There is no absolute need to install 2
separate DCs.

Jean Paul

-----Original Message-----
From: issforum-bounces@xxxxxxxxxxxxxxxx On Behalf Of Sergey V Soldatov
Sent: Friday, August 20, 2004 11:44 AM
To: robert.duncanson@xxxxxxxxxxxxx
Cc: mhbengal@xxxxxxxxx; issforum@xxxxxxxxxxxxxxxx
Subject: RE: [ISSForum] Siteprotector managing multiple IP segmentsusing
twoNICs


Hi.

I think that Robert is not 100% right.

All Site Protector (SP) components ask during installation what IP
address to bind to (through which interface the component will
communicate with others). So, if you have Application Server (AS) on a
computer with multiple IP addresses, you can use ONLY ONE to connect to
with the console, i.e. AS can operate only via one IP, and it is stored
in the Site DB (see Sites table). The same situation is with Desktop
Controller. It means that if you have Desktop Agents in two different
network segments without routing between them, you have to install two
desktop controllers - one for each segment.

But Event Collector (EC) can pull events from different segments via
different NICs. Probably because EC is a client for sensors.

As for me, I think that it is not right when an SP component can operate
only through one IP, because it is recommended to configure stealth mode
for sensors and it can be done for RNE without problems, but for RSV it
isn't always possible because usually communication with SP components
is going through the company's production network. So, if ISS decides to
modify EC so that it will be able to operate through only one IP, we'll
have to configure routing between the out-of-band segment with sensors'
management interfaces and protect that segment with a firewall OR
install multiple ECs: one for the out-of-band segment, another for
common VLANs, etc.

So, I think, it is desirable for SP components to listen on all IPs on
the box they are installed on. But now it is not so.

---
Best regards, Sergey V. Soldatov.
tel/fax +7 095 745 89 50 (2663)

-----Original Message-----
From: "Duncanson, Robert" <robert.duncanson@xxxxxxxxxxxom>
Sent by: issforum-bounces@xxxxxxx
Sent: 19.08.2004 12:40
To: <mhbengal@xxxxxxxxx>, <issforum@xxxxxxx>
Cc:
Subject: RE: [ISSForum] Siteprotector managing multiple IP segments using twoNICs

Mustapha,

Yes, TCP/IP-level decisions are made by the operating system, not by
SiteProtector. In other words, as long as there is IP connectivity to
the sensor, SiteProtector will be able to connect. The simplest check is
to telnet to the sensor on port 2998, 901 (Network Sensor) or 902 (Server
Sensor).

Note: In some cases when NAT (Network Address Translation) is used
between SiteProtector and sensor, SiteProtector needs a particular
configuration. You can find good information in the product
documentation itself, as well as the ISS knowledgebase.

Cheers,
Robert


-----Original Message-----
From: issforum-bounces@xxxxxxx [mailto:issforum-bounces@xxxxxxx]
Sent: 18 August 2004 05:41
To: issforum@xxxxxxx
Subject: [ISSForum] Siteprotector managing multiple IP segments using
twoNICs


Realsecure Siteprotector 2 SP4
Windows 2000 server SP4
MS-SQL SP3

Is it possible to manage two/multiple sensors in different IP segments
using one Siteprotector (Application server, Event Collector and DB)
with two/multiple NICs for management? Is there an issue with running
the application server/Event collector daemons on the Siteprotector with
multiple NICs?

regards
Mustapha

MUSTAPHA HUNEYD, CISSP
Emirates Telecommunications Corporation
Mob:+971506625859  Tel: +97126184804


_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
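
The reachability check Robert describes (telnet to the sensor on port 2998, 901 or 902), as an added example that is not part of the original thread: a Python script that tries each port from each local address of a multi-homed SiteProtector host and tells a refused connection apart from a timeout. The function names are hypothetical and the addresses in the usage section are constructed documentation-range placeholders.

```python
import socket

# Ports named in the thread; labels follow Robert's message.
SENSOR_PORTS = {2998: "port 2998", 901: "Network Sensor", 902: "Server Sensor"}


def check_port(host, port, source_ip=None, timeout=3.0):
    """Return (reachable, detail) for one TCP connect attempt.

    source_ip, when given, is the local address the socket binds to before
    connecting. It only sets the source address; the OS routing table
    still picks the outgoing interface, as the thread points out.
    """
    src = (source_ip, 0) if source_ip else None
    try:
        with socket.create_connection((host, port), timeout=timeout,
                                      source_address=src) as s:
            return True, "connected from %s" % s.getsockname()[0]
    except socket.timeout:
        return False, "timeout (filtered, or no route back to this source)"
    except ConnectionRefusedError:
        return False, "refused (host reachable, nothing listening)"
    except OSError as exc:
        # e.g. source_ip is not configured on this host, or no route
        return False, "error: %s" % exc


def check_sensor(host, source_ips=(None,), ports=SENSOR_PORTS, timeout=3.0):
    """Try every port from every local source address."""
    results = {}
    for src in source_ips:
        for port in ports:
            results[(src, port)] = check_port(host, port, src, timeout)
    return results


if __name__ == "__main__":
    # Constructed values: 192.0.2.10 stands in for a sensor,
    # 198.51.100.5 and 203.0.113.5 for the two NICs of the SP host.
    found = check_sensor("192.0.2.10",
                         source_ips=("198.51.100.5", "203.0.113.5"),
                         timeout=1.0)
    for (src, port), (ok, detail) in found.items():
        print(src, port, SENSOR_PORTS[port], "OPEN" if ok else "FAIL", detail)
```

A "refused" result means IP connectivity exists but the service is not listening on that address, which is the single-bind situation Sergey describes; a "timeout" points at routing or filtering between the segments.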
