Bridge through Firewall

Revised August 8th 2001

Objectives

Run Bridge through the firewall but block SQL port 1433 for inbound traffic. There should be no SQL initialization from DMZ zone.

Firewall Setup

BridgeSource = DMZ COREDestination = Central Core

DSM

Bridge WV Gateways

UDP 162, ICMP Ping

SQL 1433 FIREWALL

Host A

UDP 161 - Traps

Common Services

Common Services

CORE HostWV

Gateway

Common Services

SQL Port Outbound traffic – Bridge Pulls information from inside the firewall

WV GatewayDMZ Core

Central Core

Inbound Rules

SQL Port Blocked from DMZ to Private

Outbound Rules

SQL Port Open for Private to DMZ traffic

Active Connections

Denials List

SQL Port Blocked from DMZ , initialization denied

Bridge Configuration

RGT1N = Core outside Firewall

DAWYA01D = Core Inside the Firewall

Bridge Running inside Firewall

Destination Core

Core Inside the Firewall

Status in sync with DMZ core

Maintaining Status

Any Status updates in DMZ core will be propagated to the Central CORE.

Be selective on Bridge Rules – DMZ core should be relatively small as it would

need to transmit all worldview notification Source CORE not in the same server

as the Bridge Instance. Not best practice

WorldView Notification

NodeView from Private Network 7774

unblocked for outbound traffic

AgentView with Routing

7774 unblocked for outbound traffic

Questions and Answers

Any questions?Any questions?