Which port to be opened

Hi,

We have two DMZ's and one inside network. In the inside network we have HP Open View installed. We need to monitor the servers in the two DMZ's from the HP open view system which is inside the network. I would like to know which port should i open in the inside network so that i can monitor the two DMZ'

Please help me in this.

Thanks

Siva

For the most basic functionality, you'll need to open UDP port 161, which is SNMP. This is from the internal network Openview server going to your DMZ. If you want to set up SNMP traps on your servers, then you'll need to open UDP 162 from DMZ to internal Openview server. A trap is a message that is sent to a specified host(s) if a certain event happens.

Be sure to use strong community names when setting this all up. It's SNMP's "password". Unfortunately, it's all sent unecrypted, so no matter what it's unsecure, but at least you can defend your devices against dictionary attacks. SNMP v3 is supposed to fix this, but its still not widely used or supported.

thanks jeremy.

if i want to use TCP then is there any other port that can be used for internal to dmz and back?

siva

I'd also open up your firewall so that you can ping and traceroute from hpopenview to the dmz if this isn't already the case. As far as TCP ports, I don't think any need to be opened. I haven't used openview for a while, I forgot that openview uses ICMP also when it's polling, in case the devices don't support SNMP.

What TCP ports do you think need to be opened?