
[TMS] Connectivity:Behind Firewall

Darren Goulden
Level 1

Hi,

In what situation would TMS set a system from 'Connectivity:Reachable on LAN' to 'Connectivity:Behind Firewall'? We are onboarding a few systems this week, and some of the systems are being changed by TMS itself after being added. The change is not immediate; I only notice it when I go back onto TMS after an hour or so.

Cheers

3 Replies

Darren Goulden
Level 1

Just to add (before the obvious replies), there is a firewall between the endpoints and TMS. In the setup below, the endpoints are not configured with the NAT addresses, but TMS does communicate with the endpoints via the NAT address on the outside leg of the FW.

- ENDPOINTS - 10.10.10.0/24 --
                  |
                  |
         10.10.10.254
                FW
        10.255.255.254
                  |
NAT addresses for each endpoint (only for TMS management)
          10.255.255.0/24
                  |
                  |
----- TMS - 10.255.255.253 ----

Is there any way to stop TMS changing the connectivity field?

To not run into the "behind firewall" detection you have to make sure that the address the TMS receives a request from is the same as it can transparently reach it. An n>m NAT would break that.

Also check that all required ports are open. TMS should be fine with SNMP, HTTP, HTTPS, ICMP in both ways, but for your own management (like debugging via a remote desktop session from the TMS) ftp, telnet, ssh, ftp shall also be open.

I have seen that a static n=m NAT can work, but I strongly recommend that the endpoint IP address shall not be NATed and that there is a transparent connection in between TMS and the endpoint. In all other scenarios you most likely run into trouble, like you see it today.

During Tandberg times we had filed a feature request, as I do not really see a reason for the crappiness of a behind firewall handling. A robust full featured management behind firewall should be possible, but that's futureware; I would recommend filing a feature request as that would also solve your problem.


Hi Martin, we too have done the same in the past. We were told that there was something in the works to proxy TMS management via the VCS, but I guess as times have moved on this would only be for provisioned devices. Thanks for your input.