Date post: | 20-Jan-2018 |
Category: |
Documents |
Upload: | doris-harper |
View: | 213 times |
Download: | 0 times |
3 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
CAM- MCC Clients will communicate to the DMZ Server namespaces via CAM
- CAM, by default, uses UDP port.- CAM must be configured to use TCP port.
4 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Firewall
Global Catalog
DMZ LocalCatalog 4105
MDB
GlobalCatalog
EMAgents
Console Logs
4105
BLOCKED
5 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Configuring CAM to use TCP port- Execute camsave config
- This will generate save.cfg in the cam directory with the current CAM settings
- copy save.cfg to cam.cfg. - Update cam.cfg to add *PATH entry- Repeat the same on the MDB server- Recycle CAM to pick the TCP port
6 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Configure CAM to use TCP port
7 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Copy save.cfg to cam.cfg
8 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Update cam.cfg
9 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Verify TCP port
10 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Verify TCP port
12 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Requirements- Secured zone namespaces should not be displayed for DMZ MCC clients
- All DMZ namespaces should be displayed for secured zone MCC Clients
- CAM port 4105 to be blocked for inbound traffic
13 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Firewall
Global Catalog
DMZ LocalCatalog 4105
MDB
GlobalCatalog
EMAgents
Console Logs
4105
BLOCKED
14 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Global Catalog- For Global Catalog to the DMZServer temporarily select “Only show namespaces published in the new catalog” option
- This will synchronize the dmzServer namespaces into the secured zone local catalog
- Once this is done, reset the master catalog to the secured zone.
15 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Global Catalog
This will copy the DMZServer namespaces into the secured zone local catalog but will not update the DMZServer catalog
16 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
DMZ Local Catalog- This confirms none of the secured zone namespaces are copied in the DMZ catalog
17 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Secured Zone Catalog- This confirms DMZ namespaces are copied into the secured zone namespaces
18 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Reset Master Catalog
19 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
MCC Client – Secured Zone
Displays DMZServer Namespaces
22 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Requirements- Launch MCC clients from the secured zone without opening any CAM port for inbound traffic
23 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
MCC Client – Secured Zone
24 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Displays DMZ Console Log
25 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Console Log- Classic conlog gui requires mapping of unishare$ share to display console log. This requires UDP port to be opened for inbound traffic which will not be acceptable to the Firewall Administrator
- MCC conlog requires outbound TCP port to be unblocked
26 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Console Log Outbound TCP Port
27 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
DMZ Conlog via MCC
28 © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Console Logs
DMZServer