We have a requirement to monitor a device, but communication between our network (~NPM) and the customer network will happen via an HTTPS proxy tunnel. Does NPM support this type of setup for polling?
Thanks in advance for helping me out.
Any connection type is supported as long as:
1. Firewall on both ends permit the use of Orion's polling protocols (ICMP, SNMP etc) both ways.
Thanks for the quick response. The customer firewall doesn't allow any port or protocol other than 443. All ports are open between the device and the customer firewall, but only 443 (HTTPS proxy) is open between the customer firewall and our network (NPM, NTA, etc.).
My understanding is that SolarWinds doesn't support this type of environment. Even if an additional poller is installed on the customer network, specific ports (17777, etc.) need to be opened in the firewalls.
The only option I can think of is implementing SolarWinds on the customer premises and accessing the web console using HTTPS from our network.
Any idea/suggestions?
You cannot change the ports that Orion uses to monitor with, but you can redirect all traffic to a specific port through the firewall, in your case port 443. This is something that you have to configure on your end. On the customer's end, they'll need to make sure that all traffic returned gets redirected through port 443 as well.
Is a VPN solution not preferred by the customer? This would be the easiest thing to do and manage in the long run.
Thanks Deltona for the quick response. Based on an earlier discussion with the customer, they haven't agreed to a VPN solution.
Does redirection of all traffic to a specific port through the firewall need to be configured on the firewall, or do we need to use some other tool?
"you can redirect all traffic to a specific port through the firewall, in your case port 443. This is something that you have to configure on your end.
On the customer's end, they'll need to make sure that all traffic returned gets redirected through port 443 as well." : In this case, will SolarWinds be able to translate the traffic?
I used a TCP/IP server based tool long ago that could redirect all traffic to a specific port but it didn't work out as expected because source data (source IP and port) got stripped by the application.
Nowadays we all use VPN for this and you can get it as a software solution to be installed on the server. All traffic would be redirected by the software (which sits as a driver on the server's network interface card).
The best solution is still a hardware-based VPN tunnel from site to site.
Assuming you only have the one device at the remote site, you could use ssh port forwarding to create a virtual connection between the two sites.
This is untested, but could be a starting point...
ssh on one connects to an sshd on the other using port 443, and then you make use of UDP port forwarding like this: Peter V. Mørch's site » Blog Archive » Forwarding SNMP ports over SSH using socat (SSH normally works over port 22, but it doesn't have to).
For more scariness, you can use SNMP community strings and an SNMP proxy at the remote end to support multiple targets (note: use multiple loopback addresses for the localhost at the SolarWinds poller end to give you multiple nodes, each with different community strings).
Snmpd proxy - Net-SNMP Wiki (127.0.0.0/8 is loopback: try pinging 127.10.20.30 -- you should not be surprised by the results)
/RjL
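
The SSH-plus-socat forwarding suggested in the last reply, written out for a single device as an added example; it is not part of the original posts and has not been tested against NPM. It assumes an sshd reachable on port 443 at the customer site, `socat` installed on both ends, and a relay port of 10161; the user name, host names and addresses you pass in are your own.

```shell
#!/bin/sh
# Added example: prints the three commands; it executes nothing itself.
RELAY_PORT=10161   # assumed free TCP port, bound to loopback at both ends
SSH_PORT=443       # the customer-side sshd must listen on this port

# Accept only 127.0.0.0/8 so the poller-side listener is never bound to a
# routable interface.
is_loopback() {
    case "$1" in
        *[!0-9.]*) return 1 ;;
        127.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Poller side: one SSH session on 443 carrying the TCP relay port.
ssh_cmd() {      # $1 = user@host of the customer-side sshd
    echo "ssh -p $SSH_PORT -N -o ExitOnForwardFailure=yes" \
         "-L 127.0.0.1:$RELAY_PORT:127.0.0.1:$RELAY_PORT $1"
}

# Customer side (sshd host): turn the relayed TCP back into UDP for the device.
remote_cmd() {   # $1 = device address as seen from the sshd host
    echo "socat TCP4-LISTEN:$RELAY_PORT,bind=127.0.0.1,reuseaddr,fork UDP4:$1:161"
}

# Poller side: UDP/161 listener on loopback; this address is the node NPM polls.
# Binding port 161 needs root or equivalent privileges.
local_cmd() {    # $1 = loopback address to present as the node
    is_loopback "$1" || { echo "not a loopback address: $1" >&2; return 1; }
    echo "socat UDP4-LISTEN:161,bind=$1,reuseaddr,fork TCP4:127.0.0.1:$RELAY_PORT"
}

# Usage: sh snmp-tunnel.sh user@sshd-host device-ip [loopback-addr]
if [ "$#" -ge 2 ]; then
    ssh_cmd "$1"; remote_cmd "$2"; local_cmd "${3:-127.0.0.1}"
fi
```

Both relay listeners are bound to loopback, so only processes on each host can reach the forwarded SNMP path, and `ExitOnForwardFailure=yes` makes the SSH session fail visibly if the forward cannot be set up.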