- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Ignite across firewalls
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-07-2007 01:32 AM
тАО06-07-2007 01:32 AM
I understand that HP does not support Ignite across firewalls but wondered if you were aware of a preferred method of getting this done.
At the moment, we are looking into providing boot helpers on each relevant subnet and then archiving using NFS.
It is NFS that is causing us a problem across firewalls.
Any help you can provide with this will be most appreciated.
Solved! Go to Solution.
- Tags:
- firewall
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-07-2007 02:08 AM
тАО06-07-2007 02:08 AM
SolutionThis document talks about setting up Ignite with Bastille:
http://docs.hp.com/en/5991-0734/5991-0734.pdf
As some of the security levels in bastille involve enabling the IPfilter firewall, there is plenty of data in here on what ports you need open for Ignite to run.
Unfortunately as NFS is involved thats a LOT of ports.
HTH
Duncan
I am an HPE Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-07-2007 02:20 AM
тАО06-07-2007 02:20 AM
Re: Ignite across firewalls
Realistically there is no practical way to run Ignite across a firewall. NFS is used to tranfer the image, tftp is used to boot. The client and server need to be on the same network or have a boothelper.
No firewall administrator in her right mind would have those ports open on a firewall that is designed to protect something.
NFS 4 does have the ability to specify what ports portmapper will use. I did this in RHCE class. So in a situation where you were using NFS 4, you might be able to do this. NFS 3 needs a random port for portmapper in version 3. Dave Olker however probably has a solution to this issue concerning the NFS portion of the problem.
The real solution problem is booting. That uses priviledged ports below 1024 and protocols such as bootp that are simply not very secure.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-07-2007 02:33 AM
тАО06-07-2007 02:33 AM
Re: Ignite across firewalls
What I found is that in order for Ignite to work across a firewall, you have to compromise security to a point where there is no security.
We wound up purchasing a tape drive and performing a local make_tape_recovery
If you have multiple systems on the other side of the firewall, you could set one of them up to an ignite server for the those systems.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-07-2007 03:04 AM
тАО06-07-2007 03:04 AM
Re: Ignite across firewalls
Bill Hassell, sysadmin