Servers - General
cancel
Showing results for 
Search instead for 
Did you mean: 

Secure WebConsole through firewall ?

 
Ravi_8
Honored Contributor

Re: Secure WebConsole through firewall ?

hi,
if the routing doesn't exist do add to the routing table.
if u r system has static IP then add it in ur system itself or if u r in DHCP add in the unix system routing table.

can u login to the unix system? (forget the WC here)
later
ravi
never give up
Geetam
Frequent Advisor

Re: Secure WebConsole through firewall ?

Port 80 definitely open - I can browse intranet site (on NT server)

Vincenzo,
Routing definitly OK, I can ping HP9000 hosts and WebConsoles.

I can get further then that: I can connect to WebConsole with browser, I get login screen, I type username/password and click 'login'. Then I get a small box "login in progress". After a while a slightly bigger box: "the operation has failed due to a network error"

I think it is either some security mechanisme filtering my network traffic, or it could be a time-out...

Ravi,
No, I cannot login to my unix machines because the telnet port is filtered by security network equipment! That is why I am trying to get the WebConsole to work..., I normally prefer telnet.

Any idea's? (thanks for your persistence)
Vincenzo Restuccia
Honored Contributor

Re: Secure WebConsole through firewall ?

#telnet ip_webconsole 80
#telnet HP9000
Output?
Model HP9000 (N-class,L-class,???) ??
Jason Dinsdale
Frequent Advisor

Re: Secure WebConsole through firewall ?

Geetam,

Your not alone. I too have exactly the same problem in that:

1 - I'm accessing the web console from the internet via a firewall. The firewall has static NAT to xlate the private IP of the WC to a valid external IP address. Port 80 is open and the routing on the firewall had to be updated to facilitate access to the WC. I know this because I administer the firewall (FW-1 BTW).

2 - I can access the firewall just fine - I get the initial login screen, but I once I enter a username/password the dialog appears stating 'Login is in progress' - but then nothing.

My conclusion is that there must be traffic on other TCP ports that is/are being blocked.

Next week I check the firewall logs to see if anything has been logged on the firewall.

Jason
If a man talks in a forest and there is no woman to hear, is he still wrong?
Jason Dinsdale
Frequent Advisor

Re: Secure WebConsole through firewall ?

Apologies, I meant say that I can access the *Web Console* just fine via the firewall.
If a man talks in a forest and there is no woman to hear, is he still wrong?
Keir Josephson
Occasional Visitor

Re: Secure WebConsole through firewall ?

I've been experiencing exactly the same problem as well. I also checked the logs on the firewall and there are hits at port 1272, 1273, 1274, 1275, & 1276, however, they are accepted through fine. It still hangs on with the "login in progress" window.

If anyone from HP's webconsole team is reading this, what ports are the login class files accessing? The reason it appears to hang is because once the login signal is sent by the web browser there are no more data packets transmitted back from the web console. What does it need to get passed the login script?

NOTE: I don't think it's the IP range, because when I login to my local LAN RAS gear I get assigned a 209.x.x.x address and the web console has an internal 10.x.x.x address. This scenario works fine.

Jason Dinsdale
Frequent Advisor

Re: Secure WebConsole through firewall ?

Here's an update:

Not only does the web console use port 80, it also uses the telnet port (23) for the connection; apparently this is not an actual telnet connection an so it's not a security risk, but a potiential problem is that some firewalls meddle with the data stream by running a telnet proxy for firewall-based authentication etc, so even if you allowed port 23 traffic through it still might not work.

If you have the latest firmware A1.9 this port is set at 23, but in the latest beta revision (A1.10) allows you to change this to another port. Unfortunately, even though I've upgraded our web console with this beta firmware and set the port to 2100, it still doesnt seem to work.

I'll experiment some more and post more when I have some progress.

Jason
If a man talks in a forest and there is no woman to hear, is he still wrong?
Volker Borowski
Honored Contributor

Re: Secure WebConsole through firewall ?

Something to debug:

Create a regular session inside you LAN.
Connect / Disconnect / Work

All the time do a "netstst -n" in an endless loop on the machine that connects to the web-console and capture the output. Make sure all other network connections are disabled to ease debugging (mail, telnets ...)

Check the "netstat -n" output for uncommon ports, and try to permit them on the firewall.

If possible, debug on the firewall!
It should be able to give clear messages, what type of access is denied. Be aware, that most times one intends to debug only for tcp packets, but there might be udp/icmp packets be blocked as well.

Volker

Re: Secure WebConsole through firewall ?

We tested this "secure" webconsole and never "dared" to implement over the internet since it requires the telnetport 23 to be open.
Attended Interworks 2001 6 mai 2001 and learned from Juggy Krishnamurty, vp of Arula systems, that there exists a "ssl" version,
See www.arula.com for the details. Also learned: you can update the HP secure webconsole J3519A by downloading a new firmwareset. (no version givven )
Have not been able to locate it neither at ftp 192.151.11.37 nor at www.arula.com.
There is no HP secure webconsole support; this is done by Arula.
At 7 mai there were no HP plans to deliver the "SSL" version of webconsole. FYI