Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Anonymous_User Absent Member.
Absent Member.
164 views

Issues forwarding server ports


NAM 4 Appliance (Demo version)

We have successfully installed the NAM 4 appliance and configured
multiple applications for SSO. When accessing applications that use
ports 80 or 443 for the backend web servers everything works fine. The
issue I am having is for servers that use non-standard ports like 4443,
15600, etc. The RP configuration is using a proper cert for browsers to
use SSL and force browser to gateway to 443 fine. The protected
resources are all configured the same right now to just pass traffic
through with no authentication or authorization policies. We have
confirmed that DNS is correct, resolution works fine from the gateway to
the web servers, we can telnet from the gateway to the servers on the
desired ports, there are no application specific rules in the firewall
but all applications that have anything other than 80 or 443 in the web
server port configuration fail to forward properly.

When I look in the logs I do not see any errors specific to the
applications or URLs that indicate any kind of connection issues or
configuration errors. My concern is that the demo version doesn't allow
communication on these odd ports but we need the demo to prove the
solution works before management will OK the purchase.


--
gdrtx
------------------------------------------------------------------------
gdrtx's Profile: https://forums.netiq.com/member.php?userid=1660
View this thread: https://forums.netiq.com/showthread.php?t=51941

0 Likes
3 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Issues forwarding server ports

Is NAM (the AG presumably) configured to listen on those alternate ports?
I do not see you mentioning having done that and I'm not sure if that's
done by default when you setup something to forward to those alternate
ports on a protected resource. If not, perhaps that's the issue. You MAY
be able to do this using the firewall on the NAM appliance to forward from
whatever port to your NAM port for clients... maybe. Obviously I have not
tested any of this.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Issues forwarding server ports

gdrtx wrote:

>
> NAM 4 Appliance (Demo version)
>
> We have successfully installed the NAM 4 appliance and configured
> multiple applications for SSO. When accessing applications that use
> ports 80 or 443 for the backend web servers everything works fine.
> The issue I am having is for servers that use non-standard ports like
> 4443, 15600, etc. The RP configuration is using a proper cert for
> browsers to use SSL and force browser to gateway to 443 fine. The
> protected resources are all configured the same right now to just
> pass traffic through with no authentication or authorization
> policies. We have confirmed that DNS is correct, resolution works
> fine from the gateway to the web servers, we can telnet from the
> gateway to the servers on the desired ports, there are no application
> specific rules in the firewall but all applications that have
> anything other than 80 or 443 in the web server port configuration
> fail to forward properly.
>
> When I look in the logs I do not see any errors specific to the
> applications or URLs that indicate any kind of connection issues or
> configuration errors. My concern is that the demo version doesn't
> allow communication on these odd ports but we need the demo to prove
> the solution works before management will OK the purchase.


On the webserver tab on your proxies what have you configured as the
webserver port?

Additionally, restart apache with /etc/init.d/novell-apache2 restart
debug and that gives you more info in the
/var/log/novell-apache2/error_log.

You can connect to non-standard ports with the non-appliance at least,
but I'm pretty sure you can do this with the appliance as well, even
the demo version. The only limitation is the time you can use it for
(90 days from memory)

--
Cheers,
Edward
0 Likes
Highlighted
Anonymous_User Absent Member.
Absent Member.

Re: Issues forwarding server ports

On 10/13/2014 9:53 PM, Edward van der Maas wrote:
> but I'm pretty sure you can do this with the appliance as well


I know you can as I've done it for demos myself.
If it is configured correctly as Edward indicated then the next step I would take is a tcpdump to see where the traffic is going.

--
-----------------------------------------------------------------------
Will Schneider
Knowledge Partner http://forums.netiq.com

If you find this post helpful, please click on the star below.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.