System Monitoring Behind Multiple Firewalls

Posted on 2014-07-24
Last Modified: 2016-07-14
Our company has recently been tasked with figuring out a way to monitor Windows systems in layer 3 of the Purdue model which will be behind firewalls at layer 3.5 to 4 and 3.5 to 3. Per a security policy we have in place, no traffic is being allowed out of 3 to 4, but is allowed to 3.5. We currently use SCOM, SIM, Commvault and vCenter for alerting and backups on physical and virtual servers, but run into a scalability issue if we need to stand up all of these consoles at all the locations this could potentially be set up at. In a nutshell we are looking for a way to maintain our centralized management, but still utilize our tools on layer 3 to receive alerting. Is anyone aware of a product that would forward alerts from the servers to these monitoring tools without having to stand up these systems in the DMZ?
Question by:rymeat
Accepted Solution

by:
btan earned 2000 total points
ID: 40219678
I am thinking of remote probes as described in the PRTG use case below. It has metrics to monitor various aspects, and the SSL connection to its core server at the central site serves as the main nerve to all remote probes deployed.

http://www.paessler.com/manuals/prtg9/remote_probes_and_multiple_probes

Another is to leverage SCOM’s ACS (Audit Collection Services) in each untrusted domain (it can be co-located on the Gateway server), but since it requires an Active Directory domain, it is not suitable for workgroups.  Also to use a central ACS Collector (and associated ACS database) in the management VLAN. This required each agent (ACS Forwarder) to have direct communications on TCP 51909 with the central ACS Collector. It required additional firewall rules to be created.

http://technet.microsoft.com/en-us/library/hh212823.aspx

Setting up SCOM across untrusted domains and workgroups requires the use of SCOM Gateway servers or using certificates for mutual authentication. If you are working with trusted domains, you do not need to use Gateway servers. The advantage of using Gateway servers is to facilitate communication across firewalls, by limiting the number of access rules that need to be created.

http://blogs.technet.com/b/cliveeastwood/archive/2007/05/11/how-to-configure-audit-collection-system-acs-to-use-certificate-based-authenication.aspx

For info on opening ports on the firewall:

Between SCOM servers/agent and AD : Global Catalog (TCP 3268/3269), LDAP (TCP/UDP 389) and RPC (TCP 135)
Between SCOM servers/agents and DNS : UDP 53
Between SCOM servers and Agents : TCP 5723
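
An added example (not part of btan's answer or of any product mentioned): a small Python check of a direct-agent layout and a gateway layout against the zone policy from the question, using the ports listed above. The host names, the one-rule-per-source-host counting, and the 3.5/4 firewall permitting DMZ-initiated traffic into layer 4 are assumptions.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src src_zone dst dst_zone proto port")

# Policy from the question: layer 3 -> 4 is denied, layer 3 -> 3.5 is allowed.
# ASSUMPTION: the 3.5/4 firewall permits traffic initiated from the DMZ.
ALLOWED_ZONE_PAIRS = {("3", "3.5"), ("3.5", "4")}

# Ports quoted in the accepted answer.
AGENT_PORT = ("tcp", 5723)    # SCOM servers <-> agents
ACS_PORT = ("tcp", 51909)     # ACS forwarder -> ACS collector

def agents(count):
    # Hypothetical host names for layer 3 Windows systems.
    return [f"l3-agent{i:02d}" for i in range(1, count + 1)]

def direct_flows(count):
    """Every layer 3 agent talks straight to the central servers in layer 4."""
    flows = []
    for host in agents(count):
        flows.append(Flow(host, "3", "central-ms", "4", *AGENT_PORT))
        flows.append(Flow(host, "3", "central-acs", "4", *ACS_PORT))
    return flows

def gateway_flows(count):
    """Agents stop at a gateway in 3.5 (ACS collector co-located on it);
    only the gateway itself opens a connection into layer 4."""
    flows = []
    for host in agents(count):
        flows.append(Flow(host, "3", "dmz-gateway", "3.5", *AGENT_PORT))
        flows.append(Flow(host, "3", "dmz-gateway", "3.5", *ACS_PORT))
    flows.append(Flow("dmz-gateway", "3.5", "central-ms", "4", *AGENT_PORT))
    return flows

def evaluate(flows):
    """Return (flows that break the zone policy, firewall rules needed into layer 4)."""
    violations = [f for f in flows
                  if (f.src_zone, f.dst_zone) not in ALLOWED_ZONE_PAIRS]
    # ASSUMPTION: one rule per distinct source host / destination / port.
    rules_into_l4 = {(f.src, f.dst, f.proto, f.port)
                     for f in flows if f.dst_zone == "4"}
    return violations, len(rules_into_l4)

if __name__ == "__main__":
    for name, build in (("direct", direct_flows), ("gateway", gateway_flows)):
        bad, rules = evaluate(build(3))
        print(f"{name}: {len(bad)} policy violations, {rules} rules into layer 4")
```
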

Expert Comment

by:btan
ID: 41711564
The answer already shared PRTG as a means of sending the traps for central monitoring, which has far more granular metrics on the server service, and likewise the event forwarding via ACS setup since the user is using SCOM. A SIEM will be good for collection of syslog rather than traps for correlation of security events, though the author does not have one. The port openings are also highlighted.

For consideration of ID: 40219678 as solution