fartyalvikram Contributor.

Open Port in Firewall

I have installed Advanced Authentication using "aa-release-5.6-146.iso" ISO file.
After installation I have to open a specific port on firewall.
For this I tried to find the option for opening a port and tried to access this using ssh terminal, but I did not find any option for this.

So please give me some suggestions, so I can access this using ssh terminal or open the port on the firewall.
Knowledge Partner

Re: Open Port in Firewall

I do not think you are allowed to do this as AA is a software appliance
and fairly locked-down as a result. You can use reverse proxies, like in
Access Manager (NAM), or port forwarding to allow ports to be visible to
clients differently than they are on the box itself.

Out of curiosity, which ports, and for what business case?


--
Good luck.

Micro Focus Expert

Re: Open Port in Firewall

fartyalvikram;2471428 wrote:
I have installed Advanced Authentication using "aa-release-5.6-146.iso" ISO file.
After installation I have to open a specific port on firewall.
For this I tried to find the option for opening a port and tried to access this using ssh terminal, but I did not find any option for this.

So please give me some suggestions, so I can access this using ssh terminal or open the port on the firewall.


Hello,

We do not provide root access to the appliance. The ports need to be opened not on the appliance, but on the firewall between Advanced Authentication Servers and other parts of the infrastructure (if a firewall is present).
You may find details about ports configuration here: https://www.netiq.com/documentation/advanced-authentication-56/server-administrator-guide/data/b1nv41al.html
fartyalvikram Contributor.

Re: Open Port in Firewall

Thanks for your reply.
Can you please provide me the link for "Advanced Authentication Servers"? In "Advanced Authentication Servers", do we have a firewall, and can we access ssh or the terminal of this?
Micro Focus Expert

Re: Open Port in Firewall

fartyalvikram;2471674 wrote:
Thanks for your reply.
Can you please provide me the link for "Advanced Authentication Servers"? In "Advanced Authentication Servers", do we have a firewall, and can we access ssh or the terminal of this?


I'm not sure which link exactly you want to get. Please clarify.
No, we don't have firewalls on the AA Server and do not provide root access. Access to the console is extra protected by a service one-time password; only our support staff has access to the service OTP generator.
But as I said, there is nothing to configure in the console. It is used only for support sessions where we need to install a patch.
fartyalvikram Contributor.

Re: Open Port in Firewall

Sorry for the delay.
Can you please give me some suggestions for accessing the terminal of the NAAF server using the admin user? I am not asking for root access.
And how can we create a proxy for accessing the internet from that server?
Micro Focus Expert

Re: Open Port in Firewall

fartyalvikram;2473844 wrote:
Sorry for the delay.
Can you please give me some suggestions for accessing the terminal of the NAAF server using the admin user? I am not asking for root access.
And how can we create a proxy for accessing the internet from that server?


Terminal access is prohibited. But why do you want to access the terminal? What exactly do you want to do?
Proxy configuration is available through the Configuration Console (this is what you see when you have just installed the server, so not the web console) of the server: https://www.netiq.com/documentation/advanced-authentication-56/install-upgrade-guide/data/b1lvlpm5.html.
ScorpionSting Absent Member.

Re: Open Port in Firewall

If you have VM Console access, there are some functions you can perform via there (reboot/shutdown/ntp config/resource utilisation/etc)....but you won't get ssh or telnet to the server console remotely.

Micro Focus Expert

Re: Open Port in Firewall

ScorpionSting;2473925 wrote:
If you have VM Console access, there are some functions you can perform via there (reboot/shutdown/ntp config/resource utilisation/etc)....but you won't get ssh or telnet to the server console remotely.


All these functions are supported in Configuration Console: https://www.netiq.com/documentation/advanced-authentication-56/install-upgrade-guide/data/netiq_basic_settings.html
Monitors can be activated with hotkeys Alt+F8-F12 from the Configuration Console.
Knowledge Partner

Re: Open Port in Firewall

On 22-01-2018 4:56 PM, teysg wrote:
>
> ScorpionSting;2473925 Wrote:
>> If you have VM Console access, there are some functions you can perform
>> via there (reboot/shutdown/ntp config/resource utilisation/etc)....but
>> you won't get ssh or telnet to the server console remotely.

>
> All these functions are supported in Configuration Console:
> https://www.netiq.com/documentation/advanced-authentication-56/install-upgrade-guide/data/netiq_basic_settings.html
> Monitors can be activated with hotkeys Alt+F8-F12 from Configuration
> Console
>
>


Sorry, hijacking this post here. Can an option via the UI be added to be able to do packet traces? Yes, a lot of traffic is encrypted but
troubleshooting basic stuff (like why is SMTP not working) would be so much easier when you can take a packet trace on the appliance.

--
Cheers,
Edward
Micro Focus Expert

Re: Open Port in Firewall

edmaa;2474019 wrote:

Sorry, hijacking this post here. Can an option via the UI be added to be able to do packet traces? Yes, a lot of traffic is encrypted but
troubleshooting basic stuff (like why is SMTP not working) would be so much easier when you can take a packet trace on the appliance.



Hi Edward,

In the next version (6.0) there will be great changes. Some of them are:
- Use Common Appliance Framework (SUSE)
- Provide Docker distribution model (Limited)
So terminal access to configure any other third-party functionalities like network tracing will not be a problem there.
Knowledge Partner

Re: Open Port in Firewall

On 24-01-2018 8:24 PM, teysg wrote:
>
> edmaa;2474019 Wrote:
>>
>> Sorry, hijacking this post here. Can an option via the UI be added to be
>> able to do packet traces? Yes, a lot of traffic is encrypted but
>> troubleshooting basic stuff (like why is SMTP not working) would be so
>> much easier when you can take a packet trace on the appliance.

>
>
> Hi Edward,
>
> In the next version (6.0) there will be great changes. Some of them
> are:
> - Use Common Appliance Framework (SUSE)
> - Provide Docker distribution model (Limited)
> So terminal access to configure any other third-party functionalities
> like network tracing will not be a problem there.
>
>


That's great news. Thanks for that.

--
Cheers,
Edward
ScorpionSting Absent Member.

Re: Open Port in Firewall

So, complete UI overhaul too?

Micro Focus Expert

Re: Open Port in Firewall

ScorpionSting;2474173 wrote:
So, complete UI overhaul too?


Yes, brand new UI.