Policy rules for Nagios running on ISA



jasho.mendinka -> Policy rules for Nagios running on ISA (17.Jul.2006 5:18:51 PM)

Hello All,

I have an ISA2004 Std. Edition and I have a problem configuring rules to allow the Nagios Agent, running on ISA, to get polled by the Nagios server. In ISA there is a persistent route to network 192.168.10.0/24 via 192.168.100.1. The Nagios server can be pinged from ISA (it was added to system policy).


The server polls the agents regularly using TCP dst.port = 5666 and src.port > 1023. The Nagios Agent is running on ISA server and the configuration is described below:
 
Nagios Server (192.168.10.9)
|
Router (192.168.100.1 and 192.168.10.1)
|
LocalNet (192.168.100.0/24)
|
ISA (internal interface is 192.168.100.2)
|
Internet (External)
 

My doubt is regarding the protocol definition on ISA. How do I create an access rule, using a user-defined protocol, that works properly?
 
So far, I've created a rule and protocol definition for Nagios, described below:
 
Access-rule Allow Nagios Comm. to ISA
{
    Action { Allow }
    Protocol { Nagios
        {  Primary Connections
                   PortRange {1024-65535}
               protocol-type {TCP}
               Direction {Outbound}
        }
    }
    From {NagiosServer {192.168.10.9} }
    To { LocalHost }
    Condition {All Users}
}
 
Any ideas??? I'd really appreciate comments here!
Regards,
Jasho.




tshinder -> RE: Policy rules for Nagios running on ISA (23.Jul.2006 9:50:35 PM)

What's Nagios?

What protocols does it use?

Thanks!
Tom




jasho.mendinka -> RE: Policy rules for Nagios running on ISA (2.Aug.2006 6:19:05 PM)

Hello Tom,

sorry for the delay in answering your last post.

What is Nagios?
Nagios is a great monitoring tool, a very nice alternative or complement to MOM2005. Nagios is a host and service monitoring utility, designed to run under the Linux operating system. The monitoring daemon runs intermittent checks on hosts and services you specify using external "plugins" which return status information to Nagios.
More info: http://www.nagios.org/about/

What protocols does it use?
The Nagios server polls the Nagios agents using TCP dst.port = 5666 and src.port > 1023. The Nagios Agent, which runs on the monitored servers, listens for requests from the Nagios server on TCP port 5666. So far I've created a protocol called 'Nagios TCP>1023', defined as follows:

Protocol { Nagios
    {  Primary Connections
               PortRange {1024-65535}
           protocol-type {TCP}
           Direction {Outbound}
    }
}

It is working, although I don't like the fact I cannot simply use destination port on the protocol definition! This would make life easier. :)

Thanks and keep up the nice work!
Greetings,
Jasho.




tshinder -> RE: Policy rules for Nagios running on ISA (13.Aug.2006 7:27:21 PM)

Hi Jasho,

Thanks for the info on Nagios!

It looks like their documentation is incorrect, because if you go with their docs, you should be able to allow access with a single rule allowing TCP 5666 outbound from the Nagios server to the Local Host Network.

Tom
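To make the difference between the two protocol definitions in this thread concrete, here is an added example (not code from the forum or from ISA itself) that models ISA access-rule matching in a simplified way: the protocol's port range is the server-side destination port, "Outbound" means the From host opens the connection to the To host, and the client's ephemeral source port plays no part in the match. The connection attempts and the 8080 "web proxy listener" port are constructed sample data.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed, simplified model of an ISA 2004 access rule (not the ISA API):
# a protocol names the destination port range, and the rule matches when
# the source host is in From, the destination host is in To, and the
# destination port falls inside the protocol's range.

@dataclass(frozen=True)
class Protocol:
    name: str
    port_lo: int
    port_hi: int

@dataclass(frozen=True)
class AccessRule:
    protocol: Protocol
    from_net: str   # client address/network (the Nagios server)
    to_net: str     # server address/network ("LocalHost" = ISA's own address)

    def allows(self, src_ip, src_port, dst_ip, dst_port):
        # src_port is intentionally ignored: ephemeral ports never match.
        return (ip_address(src_ip) in ip_network(self.from_net)
                and ip_address(dst_ip) in ip_network(self.to_net)
                and self.protocol.port_lo <= dst_port <= self.protocol.port_hi)

ISA_LOCALHOST = "192.168.100.2/32"
NAGIOS_SERVER = "192.168.10.9/32"

# The definition from the thread: every TCP port above 1023 toward ISA.
broad = AccessRule(Protocol("Nagios TCP>1023", 1024, 65535), NAGIOS_SERVER, ISA_LOCALHOST)
# Tom's suggestion: only the NRPE listener port.
tight = AccessRule(Protocol("Nagios NRPE", 5666, 5666), NAGIOS_SERVER, ISA_LOCALHOST)

# Constructed connection attempts: (src_ip, src_port, dst_ip, dst_port)
ATTEMPTS = [
    ("192.168.10.9", 56333, "192.168.100.2", 5666),   # NRPE poll, ephemeral port
    ("192.168.10.9", 54717, "192.168.100.2", 5666),   # NRPE poll, another ephemeral port
    ("192.168.10.9", 40000, "192.168.100.2", 8080),   # some other listener on ISA
    ("192.168.10.50", 40000, "192.168.100.2", 5666),  # not the Nagios server
]

def allowed_ports(rule, attempts=ATTEMPTS):
    """Destination ports on ISA the rule lets through for the given attempts."""
    return sorted({d for (s, sp, dip, d) in attempts if rule.allows(s, sp, dip, d)})

if __name__ == "__main__":
    print("broad:", allowed_ports(broad))   # [5666, 8080]
    print("tight:", allowed_ports(tight))   # [5666]
```

The broad definition reaches every service ISA exposes above port 1023 from the Nagios host, while the single-port definition admits only the NRPE poll, regardless of which ephemeral source port the server happens to use.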




gazy007 -> RE: Policy rules for Nagios running on ISA (28.Oct.2010 3:24:59 PM)

quote:

ORIGINAL: tshinder

Hi Jasho,

Thanks for the info on Nagios!

It looks like their documentation is incorrect, because if you go with their docs, you should be able to allow access with a single rule allowing TCP 5666 outbound from the Nagios server to the Local Host Network.

Tom

Hi Tom,

I wanted to ask what rule you would create for Nagios, as I am having the same problem. An external company wants to collect info from our internal network to their web site, where they can monitor the servers and network. I have tried inbound tcp 5666, tcp 4949 (for munin) but it does not seem to be working. I did publish this Linux box but I got nowhere, as I had to allow access to only one particular IP address. I have checked the log; sometimes this company's source protocol is 56333 or 54717 and vice versa. Is there a way you could shed some light on it? I have a 2006 Enterprise ISA server. Thanks



