ITM 6 and Firewalls

The ITM 6 Firewall Gateway feature enables additional end-to-end connectivity options for use in environments with specific TCP/IP connection management policies.

The Firewall Gateway provides the following functionality:

  • Gateway instances interoperate over a single physical relay connection. Logical connections are multiplexed over the relay. The origination direction of the relay connection is configurable to match enterprise firewall transit requirements.
  • Relay support enables a logical connection to span multiple firewall zones. Each relay instance can optionally provide access to the upstream management network. Multiple relays can be chained to provide seamless hops across multiple zones.
  • Proxy support provides a transparent interface to IBM Tivoli Monitoring V6.1 components. Server proxy components reside downstream and listen for inbound connections. Client proxy components reside upstream and make connections to services on behalf of downstream endpoints.
  • All ports used by gateway instances are configurable. Port pooling is available to constrain client proxy connections to designated port values.
  • Multiple failover addresses can be configured for all gateway connections.

The following diagram shows a simplified view of firewall usage and how ITM 6.1 can communicate through firewalls.

[Figure: firewall itm6.1]

XML Configurations

All gateway configurations are created through XML. A sample file is shown below:

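<tepgwml:gateway name="temag2">
  <zone name="dmz2">
    <!-- Relay interface that listens on local port 10021 -->
    <interface name="uprelay" ipversion="4" role="listen">
      <bind localport="10021">
        <connection remoteport="10021"></connection>
      </bind>
    </interface>
    <!-- Relay interface that originates its connection to remote port 10022 -->
    <interface name="downrelay" ipversion="4" role="connect">
      <bind localport="10022">
        <connection remoteport="10022"></connection>
      </bind>
    </interface>
    <!-- Server proxy: local ports for the tems and whp services -->
    <interface name="serverproxy" ipversion="4" role="proxy">
      <bind localport="1918" service="tems"/>
      <bind localport="6014" service="whp"/>
    </interface>
  </zone>
</tepgwml:gateway>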
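
Because every port lives in this one XML file, the firewall policy can be derived from it and checked against it. The following is an added example, not part of the original page or of IBM's tooling: a Python sketch that reads a gateway file like the sample above (with its closing tags supplied) and lists the ports each interface needs passed. The mapping from role to traffic direction and the placeholder namespace URI are assumptions.

```python
import re
import xml.etree.ElementTree as ET
# Constructed input: the page's sample with its closing tags restored.
SAMPLE = """<tepgwml:gateway name="temag2">
<zone name="dmz2">
<interface name="uprelay" ipversion="4" role="listen">
<bind localport="10021"><connection remoteport="10021"></connection></bind>
</interface>
<interface name="downrelay" ipversion="4" role="connect">
<bind localport="10022"><connection remoteport="10022"></connection></bind>
</interface>
<interface name="serverproxy" ipversion="4" role="proxy">
<bind localport="1918" service="tems"/>
<bind localport="6014" service="whp"/>
</interface>
</zone>
</tepgwml:gateway>"""

def parse_gateway(text):
    # The sample's prefix is undeclared; bind it to a placeholder URI (not a real schema).
    m = re.match(r"\s*<(\w+):gateway\b", text)
    if m and f"xmlns:{m.group(1)}=" not in text:
        text = text.replace(m.group(0), f'{m.group(0)} xmlns:{m.group(1)}="urn:placeholder"', 1)
    return ET.fromstring(text)

def port(value, where):
    if value is None or not value.isdecimal() or not 1 <= int(value) <= 65535:
        raise ValueError(f"{where}: bad port {value!r}")
    return int(value)

def firewall_rules(root):
    """Return (zone, interface, direction, port) tuples to allow at the firewall."""
    rules = []
    for zone in root.iter("zone"):
        for iface in zone.iter("interface"):
            zname, name, role = zone.get("name"), iface.get("name"), iface.get("role")
            for bind in iface.iter("bind"):
                remotes = list(bind.iter("connection"))
                # Assumed: "connect" (or proxy with <connection>) dials remoteport; others accept on localport.
                if role == "connect" or (role == "proxy" and remotes):
                    rules += [(zname, name, "out", port(c.get("remoteport"), name)) for c in remotes]
                else:
                    rules.append((zname, name, "in", port(bind.get("localport"), name)))
    return rules

def duplicate_listeners(rules):
    # The same accepting port used twice in one file is a likely bind conflict.
    ports = [p for _, _, d, p in rules if d == "in"]
    return sorted({p for p in ports if ports.count(p) > 1})
```

Any port that appears in the firewall policy but not in this output, or the reverse, is worth reviewing before the gateway goes live.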
