I have no comment on the best method of firewall implementation. However, I could not let the statement that TSM sends its username/password as plain text go by without comment.
Neither the TSM Client nor the Web-GUI send the username/password in the clear. I am not sure where this information came from but it just is not true. Here is a post from about a year ago that explains how the password is sent; the explanation goes for the Client as well as the Web-GUI:

http://msgs.adsm.org/cgi-bin/get/adsm0302/707.html

Regards,

Neil Rasmussen
Software Development
Data Protection for Oracle
[EMAIL PROTECTED]

Sal Mangiapane <[EMAIL PROTECTED]>
Sent by: "ADSM: Dist Stor Manager" <[EMAIL PROTECTED]>
04/21/2004 08:06 PM
Please respond to salm
To: [EMAIL PROTECTED]
cc:
Subject: Re: Firewall backups

We operate through firewalls differently:

We have a small VPN device that we use to create an IPSec VPN tunnel and only have entries in the firewall for this tunnel, then we run all ITSM traffic through the tunnel.

Makes for simpler firewall settings and adds extra security because username/password is sent as plain text by ITSM. You will also want to limit the Web-GUI client for security reasons too (plain text -- too).

I can provide more details, contact me directly: salm(at)vitalds(dot)com or 724-758-3981

Sal
Vital Data Systems

> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] Behalf Of
> Gill, Geoffrey L.
> Sent: Wednesday, April 21, 2004 6:43 PM
> To: [EMAIL PROTECTED]
> Subject: Firewall backups
>
>
> We're trying to get backups running outside a firewall and below are the
> results of a test. The network folks sent me this log to show the ports
> which are communicating during backup. On the left is the server IP on the right
> is the client IP.
>
> The client settings are below. The question is how to get all to communicate
> on one specified port so they can tighten down acls. I've read the write-up
> on this and thought everything was set properly but I must be missing
> something. If someone has advice it would be greatly appreciated.
>
> Thanks,
>
> COMMmethod TCPIP
> TCPServeraddress xxx.xxx.xxx.xxx
> TCPCLIENTADDRESS xxx.xxx.xxx.xxx
> WEBPORTS 1582,1583
> TCPPort 1500
> TCPCLIENTPORT 1501
> HTTPPort 1581
>
> Apr 20 17:04:50 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37317) -> xxx.xxx.xxx.xxx(1501), 1 packet
> Apr 20 17:04:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) -> xxx.xxx.xxx.xxx(2200), 1 packet
> Apr 20 17:05:04 PDT: list TSM-Filter denied tcp xxx.xxx.xxx.xxx(37316) -> xxx.xxx.xxx.xxx(1501), 2 packets
> Apr 20 17:05:04 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37317) -> xxx.xxx.xxx.xxx(1501), 4 packets
> Apr 20 17:05:04 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) -> xxx.xxx.xxx.xxx(2200), 5648 packets
> Apr 20 17:05:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37318) -> xxx.xxx.xxx.xxx(1501), 1 packet
> Apr 20 17:05:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37319) -> xxx.xxx.xxx.xxx(1501), 1 packet
> Apr 20 17:06:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37320) -> xxx.xxx.xxx.xxx(1501), 1 packet
> Apr 20 17:06:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37321) -> xxx.xxx.xxx.xxx(1501), 1 packet
> Apr 20 17:07:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37322) -> xxx.xxx.xxx.xxx(1501), 1 packet
> Apr 20 17:07:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37323) -> xxx.xxx.xxx.xxx(1501), 1 packet
> Apr 20 17:08:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37324) -> xxx.xxx.xxx.xxx(1501), 1 packet
> Apr 20 17:08:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37325) -> xxx.xxx.xxx.xxx(1501), 1 packet
> Apr 20 17:09:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37326) -> xxx.xxx.xxx.xxx(1501), 1 packet
> Apr 20 17:09:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37327) -> xxx.xxx.xxx.xxx(1501), 1 packet
> Apr 20 17:10:06 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) -> xxx.xxx.xxx.xxx(2200), 61959 packets
> Apr 20 17:10:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37328) -> xxx.xxx.xxx.xxx(1501), 1 packet
> Apr 20 17:10:25 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) -> xxx.xxx.xxx.xxx(2235), 1 packet
> Apr 20 17:10:41 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) -> xxx.xxx.xxx.xxx(2235), 8 packets
> Apr 20 17:10:41 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) -> xxx.xxx.xxx.xxx(2200), 2586 packets
>
> Geoff Gill
> TSM Administrator
> NT Systems Support Engineer
> SAIC
> E-Mail: [EMAIL PROTECTED]
> Phone: (858) 826-4062
> Pager: (877) 854-0975
>
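
An added example, not part of the original messages: a Python script that groups ACL log lines in the format quoted above by the configured TSM port each one involves, so the flows the firewall rules must cover stand out from lines that touch no configured port. The addresses are constructed documentation addresses standing in for the masked ones, the last sample line is invented, and `summarize` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Ports from the client options quoted in the thread.
CONFIGURED_PORTS = {1500, 1501, 1581, 1582, 1583}

# Matches router ACL log lines in the format shown in the thread.
LINE_RE = re.compile(
    r"list (?P<acl>\S+) (?P<action>permitted|denied) tcp "
    r"(?P<src>[\w.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\w.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)

# Constructed sample in the thread's format (198.51.100.10 = server,
# 203.0.113.20 = client); the last line is invented to show the unmatched case.
SAMPLE_LOG = """\
Apr 20 17:04:50 PDT: list TSM-Filter permitted tcp 198.51.100.10(37317) -> 203.0.113.20(1501), 1 packet
Apr 20 17:04:51 PDT: list TSM-Filter permitted tcp 198.51.100.10(1500) -> 203.0.113.20(2200), 1 packet
Apr 20 17:05:04 PDT: list TSM-Filter denied tcp 198.51.100.10(37316) -> 203.0.113.20(1501), 2 packets
Apr 20 17:05:04 PDT: list TSM-Filter permitted tcp 198.51.100.10(1500) -> 203.0.113.20(2200), 5648 packets
Apr 20 17:10:25 PDT: list TSM-Filter permitted tcp 198.51.100.10(1500) -> 203.0.113.20(2235), 1 packet
Apr 20 17:11:02 PDT: list TSM-Filter denied tcp 198.51.100.10(40112) -> 203.0.113.20(2240), 3 packets
"""

def summarize(log_text, configured=CONFIGURED_PORTS):
    """Return ({(port, side, action): packets}, [lines with no configured port])."""
    totals, unexplained = defaultdict(int), []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        sport, dport = int(m["sport"]), int(m["dport"])
        if dport in configured:      # packets sent to a configured port
            key = (dport, "dst", m["action"])
        elif sport in configured:    # packets sent from a configured port
            key = (sport, "src", m["action"])
        else:                        # neither end is a configured port
            unexplained.append(line)
            continue
        totals[key] += int(m["pkts"])
    return dict(totals), unexplained

if __name__ == "__main__":
    totals, unexplained = summarize(SAMPLE_LOG)
    for (port, side, action), pkts in sorted(totals.items()):
        print(f"{side} port {port:<5} {action:<9} {pkts} packets")
    for line in unexplained:
        print("no configured port on either side:", line)
```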