HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
ProLiant Servers (ML,DL,SL)
cancel
Showing results for 
Search instead for 
Did you mean: 

Lights-out 100 Advanced

 
mossun
Occasional Visitor

Lights-out 100 Advanced

Im after some help with setting this up. Also any advice would be helpful

 

 I have a SBS 2008 running on an ML110 G6, certificate is setup and port 443 (https) (on router) directing to the sbs OS (192.168.5.100) on the server.

The lights-out has a fixed IP address (192.168.5.99).   How can I access the Lights Out from the outside using https?

 

Thank you

3 REPLIES
Johan Guldmyr
Honored Contributor

Re: Lights-out 100 Advanced

Aha, your server is behind a NAT.

It is not recommended that you publish the lights-out to somewhere on the internet where it can be directly accessed.

If I were you I'd set up a vpn on another server and then allow you to connect to the lights-out only via that vpn-server.

You could change the port on the lights-out or change the port on your SBS 2008.

Or, in a lot of NAT routers you can forward for example port 12345 to port 443 on a machine behind the NAT. So then lights-out would still actually listen on port 443 but you would connect to it via port 12345 to the public IP.

But really, I'd be careful with putting lights-out on the internets.
mossun
Occasional Visitor

Re: Lights-out 100 Advanced

Thats a very usefull answer. Thank you.  Previously Id been using the VPN server on the router to connect to lights-out but that becamet faulty so I was looking for alternatives.

  Ive allready changed the default usernames and have solid passwords on the lights-out but Im assuming from your response that there are still vulnerabilities in the product?  

  

Johan Guldmyr
Honored Contributor

Re: Lights-out 100 Advanced

I wouldn't say that there are open vulnerabilities for the Lights-Out 100. 

 

But there have been: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02498412

 

I looked briefly in the user guide for the LO100i but couldn't find much more you could do in terms of hardening (except disable telnet, but if you're behind a NAT maybe it's not needed) and to use ssl/certificate.

 

Maybe there are more hardening things you can do on the router?

 

http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c02752580/c02752580.pdf