Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum

ILO remote console through firewall

Occasional Contributor

Hello;

I have a ML350 G5, ILO2 FW:1.61

I can login to the ILO2 and start a remote console from the private LAN with IE and FF.
I can login to the ILO2 through a firewall, and start a remote console, the java starts, status bar states "Applet com.hp.ilo2.remcons.remcons started" and the java screen states "java.net.ConnectionExection: Connection timed out: connect", but no remote console screen.

Does the java for remote console connect a different way on different ports?

How do you make this work through a NAT firewall?
hello
9 REPLIES
HPE Pro

Re: ILO remote console through firewall

When in the web interface, click the Administration tab, then under Settings click on Access. This will show you all the ports used by the various features of iLO2.

Instead of opening ports on the firewall, I normally have a system inside the firewall I can ssh into and tunnel all the iLO ports through the ssh session.




__________________________________________________
No support by private messages. Please ask the forum!      I work for HPE

If you feel this was helpful please click the KUDOS! thumb below!   
Occasional Contributor

Re: ILO remote console through firewall

Thank you;

This doesn't answer my question. I have opened up all ports (TCP and UDP, 1024-65535) and the Remote Console with java still comes back with no display and the "java.net.ConnectionExection: Connection timed out: connect"

So which port or service do I look at to enable this? The choices are:
Terminal Services Port:
Virtual Media Port:
Shared Remote Console Port:
Console Replay Port:
Raw Serial Data Port:

Yes, I can control a PC inside the private LAN and then Remote Control the ILO2, but I need the capability to do this directly through the firewall.

Thank you.
hello
Honored Contributor

Re: ILO remote console through firewall

hi John

check this advisory

I think it could help you

Integrated Lights-Out 2 (iLO 2) Remote Console and Virtual Media Applets May Not Operate as Expected When Accessed With Java Runtime Environment (JRE) Version 1.5.x or Version 1.6.x

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01075687&lang=en&cc=us&taskId=101&prodSeriesId=1146658&prodTypeId=18964

try and let us know

bye
Didn't your momma teach you to say thanks!
Occasional Contributor

Re: ILO remote console through firewall

Thank you for the information. The HP TID did not exactly fit the description of the issue I am having. And did not list the ports to open through a firewall.

I still have the issue.

WHAT PORTS NEED TO BE OPENED IN A FIREWALL?

hello
Honored Contributor

Re: ILO remote console through firewall

the port indicated in the value you wrote before

Virtual Media Port: "port that is here"

bye
Didn't your momma teach you to say thanks!
HPE Pro

Re: ILO remote console through firewall


"When in the web interface, click the Administration tab, then under Settings click on Access. This will show you all the ports used by the various features of iLO2"


Remote Console/Telnet Port: 23



__________________________________________________
No support by private messages. Please ask the forum!      I work for HPE

If you feel this was helpful please click the KUDOS! thumb below!   
Occasional Visitor

Re: ILO remote console through firewall

I am also having the same problem at one of our clients. I can access the remote console from a workstation on the same LAN (without a firewall in between), but when I do it remotely with a firewall in between, I can log in to ILO2 but can't access the remote console. I looked at the firewall and then I saw that accessing the remote console needs port 23 open at the firewall, as it is being dropped.
Advisor

Re: ILO remote console through firewall

Agreed, I have found that port 23 seems to need to be open through a firewall too for the remote console to work (I wonder what the security implication is?).

Note that if you're changing the port too (i.e. PAT in the firewall) that would presumably cause a problem too - I guess you'd need to change your Remote Console/Telnet port to the preferred outside port instead of 23 (and then just pass this new port straight through the firewall without translation).

I assume most people VPN into the local or management networks so don't see these kind of issues.


Simon
Occasional Visitor

Re: ILO remote console through firewall

I have a similar problem. However, the problem isn't the ports; the problem is the IP address that is behind the firewall for the iLO interface. The java/link in OA does not get NAT'd; OA uses the IP address that is locally configured with the system. It doesn't have any knowledge of the address that it is NAT'd to.

I confirmed this with packet traces. Anyone know how to get around this?
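
Added example, not part of any post in this thread: a small Python check, run from outside the firewall, that tells a silently dropped port (what the applet reports as "Connection timed out: connect") from a refused or an open one. Only port 23 comes from the thread; the 443 entry and the function names are assumptions, so substitute the values shown on your own iLO 2 Access page.

```python
import socket
import sys

# Only 23 (Remote Console/Telnet) is stated in the thread. The 443 entry is an
# assumption for the HTTPS login page; copy the real values from your iLO 2's
# Administration > Access page.
ILO_PORTS = {"Web login (assumed HTTPS)": 443, "Remote Console/Telnet": 23}


def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'filtered' or 'error: ...' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # TCP handshake completed end to end
    except ConnectionRefusedError:
        return "refused"       # RST came back: path works, nothing forwarded or listening
    except socket.timeout:
        return "filtered"      # SYN silently dropped, the applet's "Connection timed out"
    except OSError as exc:
        return f"error: {exc.strerror or exc}"   # e.g. no route, name lookup failure


def check(host, ports=ILO_PORTS, timeout=3.0):
    """Probe every named port and return {name: state}."""
    return {name: probe(host, port, timeout) for name, port in ports.items()}


def blocked(results):
    """Names of the features whose port did not complete a TCP handshake."""
    return [name for name, state in results.items() if state != "open"]


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: ilo_ports.py <outside address of the iLO>")
    results = check(sys.argv[1])
    for name, state in results.items():
        print(f"{ILO_PORTS[name]:>5}  {state:<10} {name}")
    if blocked(results):
        print("Not reachable:", ", ".join(blocked(results)))
```

An "open" result on every port only shows that the firewall passes the traffic; it does not rule out the address problem described in the last post, where the applet is handed the iLO's locally configured IP.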