Server Management - Remote Server Management
1839230 Members
3082 Online
110137 Solutions
New Discussion

Re: improve ILO security

 
RicRey
Advisor

improve ILO security

I have an HPE DL180G9 server, and it has ILO 2.70 I wanted to know if there is any one to improve security since my ILO has a direct internet connection, without going through any filter ... maybe there is some way to limit it to a specific ip that I can connect?

6 REPLIES 6
Jimmy Vance
HPE Pro

Re: improve ILO security

iLO best practices suggest not to place the iLO directly exposed on any external network.  

No support by private messages. Please ask the forum! 
RicRey
Advisor

Re: improve ILO security

Is there a way to improve security? ...

what happens is that the company where the server is hosted has no budget at this time to implement a managed switch or a firewall as such ... can you give me any suggestions ??? Is there something in the ILO that allows this?

RicRey
Advisor

Re: improve ILO security

on that server I have a virtual machine, will it be possible to configure one of the virtual machines as a firewall router for the iLO ip?

PeterWolfe
Respected Contributor

Re: improve ILO security

> on that server I have a virtual machine, will it be possible to configure one of the virtual machines as a firewall router for the iLO ip?

No. The iLO network is out-of-band. Both the dedicated iLO port and the shared-port feature. 

> what happens is that the company where the server is hosted has no budget at this time to implement a managed switch or a firewall as such ... can you give me any suggestions 

Don't deploy the system in this way (don't put the iLO directly on the Internet until you do have the budget for the firewall, etc). From a security perspective that is the only correct answer. 

RicRey
Advisor

Re: improve ILO security

Maybe they have some firewall model that they recommend me?

PeterWolfe
Respected Contributor

Re: improve ILO security

Several folks sell  very inexpensive edge router/firewall type devices. I'm thinking products like  Netgate: https://www.netgate.com/solutions/pfsense/sg-1100.html and Ubiquiti: https://www.ui.com/edgemax/edgerouter-x/. They both seem to offer VPN features and firewall features and are inexpensive. I have no personal experience with either of these devices (i.e. this is not a product recommendation). Other vendors I'm sure have equivalent entry level offerings.