Topology Discovery and evading firewall policy

We're implementing a Topology Discovery tool from BMC that spawns multiple network connections (TCP and UDP). The firewall policy (SmartDefense) is strict in the company and management wants to limit the concurrent sessions to 60 per second per IP. The Discovery product doesn't have the micro options for fine-tuning NMAP connections within the tool and it spawns > 100 sometimes, and so the tool is erroring out many times. Are there ways to evade the firewall rules without touching firewall settings?
lsmk Asked:
 
rsivanandan Commented:
If there is a way to do this then the firewall is no good :-)

By default you can't do it.

Cheers,
Rajesh
 
lsmk (Author) Commented:
There is a way to do it by splitting the discovery tasks into smaller tasks but again it is a tedious process for a bigger company which involves 1000s of smaller tasks. Again my question is: Any external parameters/options/network or NMAP settings possible without changing the settings of firewall?
 
Bill Bach (President) Commented:
Does BMC's tool need to run full-time?  Disable the FW restriction, run the tool, and reenable the FW restriction.
 
rsivanandan Commented:
1. Maybe you could schedule it to run at night so that nobody is affected?

2. Or else schedule it in small intervals; however, this doesn't solve the problem of 60/s.

Cheers,
Rajesh
 
lsmk (Author) Commented:
Thanks for your solutions, but I'm looking for something different.
 
Bill Bach (President) Commented:
I guess that I'm just not sure what kind of solution you are looking for.

Firewalls are designed to prevent the "bad" behavior like this, as it could be caused by a virus establishing lots of outbound Email connections, a trojan horse trying to break into other machines, and the like.  If the firewall could be worked around in this case, then it could be worked around in any case, and it would be somewhat useless.  Sounds like you want the impossible.
 
lsmk (Author) Commented:
I'm looking for network settings (NMAP... etc.), IF ANY possible, outside the firewall and the Discovery product, that can take care of the number of sessions for a particular discovery job.

Looks like it is not possible as I originally thought. Thanks all.
 
lsmk (Author) Commented:
This thread may be closed.
 
Computer101 Commented:
Forced accept.

Computer101
EE Admin
Question has a verified solution.
