HP UX 11i Volume Management (LVM/VxVM) Software manual 40

44Using Veritas Enterprise Administrator Firewall support

To connect

1Allow for an alias of port 2148 on server A to be a particular port on the firewall machine.

2Let Pf be the port on the firewall machine F which is an alias for port 2148 on server A.

3Connect using the GUI to port Pf on F. You are actually managing server A

VEA uses Anonymous Deffie Hellman key exchange and is therefore vulnerable to the man-in-the-middle attack. Therefore it is recommended that SSH or some kind of tunnelling software be used if going across the internet. If SSH is used set up port forwarding from client to firewall port Pf and use SSH to tunnel.

Example 3

For the case where 2148 is forwarded through the firewall (punch through):

To connect

1Let machines A and B be the servers on the secure side of the firewall.

2Let client be on the internet/intranet side

client ---> firewall ---> AB

3Configure TCP/IP routing on the client such that packets destined for AB are routed to firewall F.

4Add A and B to /etc/hosts (or equivalent) for name resolution if required.

5Connect to A or B or both machines (depending on which are to be managed).