Solved

System Monitoring Behind Multiple Firewalls

Posted on 2014-07-24
Last Modified: 2016-07-14
Our company has recently been tasked with figuring out a way to monitor Windows systems in layer 3 of the Purdue model, which will be behind firewalls at layer 3.5 to 4 and 3.5 to 3. Per a security policy we have in place, no traffic is being allowed out of 3 to 4, but it is allowed to 3.5. We currently use SCOM, SIM, Commvault and vCenter for alerting and backups on physical and virtual servers, but we run into a scalability issue if we need to stand up all of these consoles at all the locations this could potentially be set up at. In a nutshell, we are looking for a way to maintain our centralized management, but still utilize our tools on layer 3 to receive alerting. Is anyone aware of a product that would forward alerts from the servers to these monitoring tools without having to stand up these systems in the DMZ?
Question by:rymeat

Accepted Solution

by: btan (earned 500 total points)
ID: 40219678
I am thinking of remote probes as described in the PRTG use case below. It has metrics to monitor various aspects, and the SSL connection to its core server at the central site serves as the main nerve for all deployed remote probes.

http://www.paessler.com/manuals/prtg9/remote_probes_and_multiple_probes

Another is to leverage SCOM's ACS (Audit Collection Services) in each untrusted domain (it can be co-located on the Gateway server), but since it requires an Active Directory domain, it is not suitable for workgroups. Also, a central ACS Collector (and associated ACS database) can be used in the management VLAN. This required each agent (ACS Forwarder) to have direct communications on TCP 51909 with the central ACS Collector. It required additional firewall rules to be created.

http://technet.microsoft.com/en-us/library/hh212823.aspx

Setting up SCOM across untrusted domains and workgroups requires the use of SCOM Gateway servers or using certificates for mutual authentication. If you are working with trusted domains, you do not need to use Gateway servers. The advantage of using Gateway servers is to facilitate communication across firewalls, by limiting the number of access rules that need to be created.

http://blogs.technet.com/b/cliveeastwood/archive/2007/05/11/how-to-configure-audit-collection-system-acs-to-use-certificate-based-authenication.aspx

For info on opening ports on the firewall:

Between SCOM servers/agents and AD: Global Catalog (TCP 3268/3269), LDAP (TCP/UDP 389) and RPC (TCP 135)
Between SCOM servers/agents and DNS: UDP 53
Between SCOM servers and agents: TCP 5723

Expert Comment

by:btan
ID: 41711564
The answer already shared PRTG as a means of sending the traps for central monitoring, which has far more granular metrics on the server service, and likewise the event forwarding via the ACS setup since the user is using SCOM. A SIEM will be good for collection of syslog rather than traps for correlation of security events, though the author does not have one. The port openings are also highlighted.

For consideration of ID: 40219678 as solution
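
An added example, not part of the original thread: a small audit of a proposed firewall rule set against the policy stated in the question (nothing from level 3 to level 4) and the ports listed in the accepted answer. The zone labels, the rule format, the sample rules and the assumption that the SCOM Gateway and ACS collector sit in the 3.5 DMZ are constructed for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    src: str    # source zone: "3", "3.5" or "4" (labels are an assumption)
    dst: str    # destination zone
    proto: str  # "tcp" or "udp"
    port: int

# Ports named in the accepted answer.
ANSWER_PORTS = {
    ("tcp", 5723): "SCOM server/agent channel",
    ("tcp", 51909): "ACS forwarder to ACS collector",
    ("tcp", 3268): "Global Catalog",
    ("tcp", 3269): "Global Catalog",
    ("tcp", 389): "LDAP", ("udp", 389): "LDAP",
    ("tcp", 135): "RPC",
    ("udp", 53): "DNS",
}
# Assumption: relays live in 3.5, so level 3 needs these two flows to 3.5.
REQUIRED_3_TO_DMZ = {("tcp", 5723), ("tcp", 51909)}

def audit(rules):
    """Return (kind, rule, reason) findings for a list of allow rules."""
    findings = []
    for r in rules:
        if (r.src, r.dst) == ("3", "4"):
            findings.append(("POLICY", r, "level 3 may not send to level 4"))
        elif (r.proto, r.port) not in ANSWER_PORTS:
            findings.append(("UNEXPECTED", r, "port not in the answer's list"))
    allowed = {(r.proto, r.port) for r in rules if (r.src, r.dst) == ("3", "3.5")}
    for key in sorted(REQUIRED_3_TO_DMZ - allowed):
        findings.append(("MISSING", Rule("3", "3.5", *key), ANSWER_PORTS[key]))
    return findings

# Constructed sample rule set.
PROPOSED = [
    Rule("3", "3.5", "tcp", 5723),   # agents -> gateway in the DMZ
    Rule("3.5", "4", "tcp", 5723),   # gateway -> central management server
    Rule("3", "4", "tcp", 51909),    # forwarder straight to a central collector
    Rule("3", "3.5", "tcp", 3389),   # not a monitoring flow
]

if __name__ == "__main__":
    for kind, rule, why in audit(PROPOSED):
        print(f"{kind:10} {rule.src}->{rule.dst} {rule.proto}/{rule.port}: {why}")
```

The direct forwarder-to-collector rule is flagged because it crosses from 3 to 4; terminating that flow on a collector in 3.5 satisfies both the policy and the required-flow check.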