hypercube
asked on
Best Practice for remote management of critical routers and firewalls (e.g. SSG-5) having public addresses.
Normally I like to access routers only from inside the LAN. But, sometimes that's not possible and I have to access them via a public address.
What is the best practice (and settings) for doing this?
I'd like to have both WebUI and CLI access.
ASKER
Using a VPN "as if" is what I do now. But that doesn't always suffice.
Any preferred security protocols? I'd rather not go in unencrypted.
ASKER
It seems like there are a few protocols to choose from and I'm not so sure which ones are truly common so easy to work with and which ones are "old" and not so likely, etc. I'd rather not have to spend time learning the hard way....
The ideal method is via VPN to the remote LAN. But in some cases, like replacement equipment or new deployments, this may not be ideal. If you are using Juniper SSG devices, they have Networks security manager (NSM), which is a Java-based application for management of Juniper devices. It's worth a look and doesn't require a license for 25 devices or less.
Failing that then make sure you have a good password, and use non-standard ports.