3 Replies Latest reply on Sep 4, 2012 5:25 AM by tony.lin

    Through the firewall

    tony.lin

      Hi

       

            We need to use Vulnerability Manager to scan through the firewall. What do we need to do with the firewall? Which port should we open?

        • 1. Re: Through the firewall
          gooru4speed

          To deploy an MVM solution through a firewall, I strongly suggest you install an additional Scan Engine in the local network you need to scan, a DMZ segment for example. That way you just need to open three ports in the firewall to allow connection between the Scan Engine and the "MVM Server".

          • 2. Re: Through the firewall
            ritch

            Hi Tony

             

            Just to reiterate what gooru4speed has already stated, if your deployment looks like this:

             

            MVM Controller -> Scanner -> Firewall -> Dest. Subnet

             

            Your firewall rule will look like this:

             

            Source = Scanner IP

            Dest = Dest. Subnet

            Ports = ALL (0-65535)

            Protocol = ALL

             

            This configuration also runs the risk of significantly degrading the firewall as the scanner can be quite brutal in the number and speed of connections it is making.

             

             

            If you configure it like this

             

            MVM Controller -> Firewall -> Scanner  -> Dest. Subnet

             

            The firewall rules

             

            Scanner (ScanController) IP to Database Server on port 1433

            Scanner IP To MVM Controller on port 3801

             

            There might be other rules depending on your configuration but that's what we have done.

             

            Ritch
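
The two rule sets described in the reply above, written out as iptables commands. This is an added example, not part of the original thread or the vendor's documentation. It assumes a Linux netfilter firewall, constructed placeholder addresses, and that ports 1433 and 3801 are TCP; the function only prints the commands so they can be reviewed before use.

```shell
#!/bin/sh
# Added example: prints iptables commands for the two layouts in the thread.
# All addresses are constructed placeholders (RFC 5737 documentation ranges).
SCANNER_IP="192.0.2.10"         # scan engine (assumed address)
CONTROLLER_IP="198.51.100.20"   # MVM controller (assumed address)
DB_IP="198.51.100.30"           # database server (assumed address)
DEST_SUBNET="203.0.113.0/24"    # subnet being scanned (assumed)

# mvm_rules <layout>
#   scanner-outside: Controller -> Scanner -> Firewall -> Dest. Subnet
#   scanner-inside : Controller -> Firewall -> Scanner -> Dest. Subnet
mvm_rules() {
    case "$1" in
        scanner-outside|scanner-inside) ;;
        *) echo "usage: mvm_rules scanner-outside|scanner-inside" >&2
           return 2 ;;
    esac
    # Default deny for forwarded traffic; replies to permitted flows
    # are let back through by connection tracking.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ "$1" = "scanner-outside" ]; then
        # Scan traffic crosses the firewall: every port and protocol,
        # but only from the scanner and only to the scanned subnet.
        echo "iptables -A FORWARD -s $SCANNER_IP -d $DEST_SUBNET -j ACCEPT"
    else
        # Only management traffic crosses the firewall (TCP is assumed).
        echo "iptables -A FORWARD -s $SCANNER_IP -d $DB_IP -p tcp --dport 1433 -m conntrack --ctstate NEW -j ACCEPT"
        echo "iptables -A FORWARD -s $SCANNER_IP -d $CONTROLLER_IP -p tcp --dport 3801 -m conntrack --ctstate NEW -j ACCEPT"
    fi
}

# Print one layout when run as a script: sh mvm_rules.sh scanner-inside
if [ $# -gt 0 ]; then
    mvm_rules "$1"
fi
```
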

            • 3. Re: Through the firewall
              tony.lin

              Thanks