Systems Management (OpenView-OP Mgmt) Support and News Forum
Showing results for 
Search instead for 
Do you mean 

ITO Has Two Interfaces -- Need Firewall Advice

SOLVED
Go to Solution
Honored Contributor Honored Contributor

ITO Has Two Interfaces -- Need Firewall Advice

We put a second interface into our HP-UX 11.x, ITO 5.3 system in order to allow OmniBack to talk directly to some firewalled systems. Now we're seeing a little confusion on the part of the ITO side of the system and whether it should talk to interface 1 (original ITO) or 2 (new OB).

The firewall is configured as per the HP documentation so that specific ports are opened for the RPC conversations.

What I think I'd like to do is move the ITO traffic to the second interface. That entails configuring the firewall, but it also affects the RPC_RESTRICTED_PORTS setting, which appears to lock in on the first interface it finds, rather than the one I'd like to apply it against.

Has anyone had some experience with the multiple interface issue with ITO? Caveats, hints, tips?

The worst part about this is everything was working prior to a system panic yesterday. Now I can't get OB to work with any of the systems or ITO either. The OB was configured by someone else when the second interface came in, so I'm thinking there were dynamic settings made after the system boot (when the NIC was installed) that were not written to conf files.

Thanks to everyone!
"Hope springs eternal."
1 ACCEPTED SOLUTIONS
Honored Contributor

Re: ITO Has Two Interfaces -- Need Firewall Advice

Try to add OPC_IP_ADDRESS parameter to /opt/OV/bin/OpC/install/opcsvinfo file and restart opcserver:
ovstop opc ovoacomm
ovstart ovoacomm opc
You also have to change configuration of all agent to speek only to second interface of management server.
add OPC_IP_RESOLVE parameter to opcinfo file on all managed nodes.
3 REPLIES
Honored Contributor

Re: ITO Has Two Interfaces -- Need Firewall Advice

Try to add OPC_IP_ADDRESS parameter to /opt/OV/bin/OpC/install/opcsvinfo file and restart opcserver:
ovstop opc ovoacomm
ovstart ovoacomm opc
You also have to change configuration of all agent to speek only to second interface of management server.
add OPC_IP_RESOLVE parameter to opcinfo file on all managed nodes.
Honored Contributor Honored Contributor

Re: ITO Has Two Interfaces -- Need Firewall Advice

Guess multiple spaces don't work in messages, either!
"Hope springs eternal."
Honored Contributor Honored Contributor

Re: ITO Has Two Interfaces -- Need Firewall Advice

Vlad, thanks for the response. Can you clarify for me the following: given your solution, will ITO continue to respond on the original interface to the agents already configured to it?

-------
| |
| ITO |
| |
-------
/
/
IP1 IP2
| |
client- F-W
client- |
client- -client
client- -client
client- -client


"Hope springs eternal."