Solved

System Monitoring Behind Multiple Firewalls

Posted on 2014-07-24
4
51 Views
Last Modified: 2016-07-14
Our company has recently been tasked with figuring out a way to monitor Windows systems in layer 3 of the purdue model which will be behind firewalls at layer 3.5 to 4 and 3.5 to 3.  Per a security policy we have in place, no traffic is being allowed out of 3 to 4, but is allowed to 3.5.  We currently use SCOM, SIM, Commvault and vCenter for alerting and backups on physical and virtual servers, but run into a scalability issue if we need to stand up all of these consoles at all the locations this could potentially be set up at.  In a nutshell we are looking for a way to maintain our centralized management, but still utilize our tools on layer 3 to receive alerting.  Is anyone aware of a product that would forward alerts from the servers to these monitoring tools without having to stand up these systems in the DMZ?
0
Comment
Question by:rymeat
  • 2
4 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
Comment Utility
I am thinking remote probes as described in the below PRTG use case. It has metric to monitor various aspects and the SSL connection to its core server at central serves the main nerve to all remote probe deployed

Http://www.paessler.com/manuals/prtg9/remote_probes_and_multiple_probes

Another is to leverage SCOM’s ACS (Audit Collection Services) in each untrusted domain (it can be co-located on the Gateway server), but since it requires an Active Directory domain, it is not suitable for workgroups.  Also to use a central ACS Collector (and associated ACS database) in the management VLAN. This required each agent (ACS Forwarder) to have direct communications on TCP 51909 with the central ACS Collector. It required additional firewall rules to be created.

http://technet.microsoft.com/en-us/library/hh212823.aspx

setting up SCOM across untrusted domains and workgroups requires the use of SCOM Gateway servers or using certificates for mutual authentication. If you are working with trusted domains, you do not need to use Gateway servers. The advantage of using Gateway servers is to facilitate communication across firewalls, by limiting the amount of access rules that need to be created.

http://blogs.technet.com/b/cliveeastwood/archive/2007/05/11/how-to-configure-audit-collection-system-acs-to-use-certificate-based-authenication.aspx

for info on opening ports on the firewall:

Between SCOM servers/agent and AD : Global Catalog (TCP 3268/3269), LDAP (TCP/UDP 389) and RPC (TCP 135)
Between SCOM servers/agents and DNS : UDP 53
Between SCOM servers and Agents : TCP 5723
1
 
LVL 61

Expert Comment

by:btan
Comment Utility
The answer shared already shared PRTG as a mean of sending the traps for central monitoring which has far more granular metric on the serber service and likewise the event forwarding via ACS setup aince user is using SCOM. A SIEMS will be good for collection of syslog rather than traps for correlation of security event though author does not have. The port opening are also highlighted.

For consideration of ID: 40219678 as solution
1

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

OfficeMate Freezes on login or does not load after login credentials are input.
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now