Port Forwarding on the Management Interface

Initiating traffic from an SGM (that is not the SMO) through the Security Group's management interface, such as eth1-mgmt4, only works with UDP and TCP:

Protocol

Allowed Traffic

TCP

UDP

  • DNS

  • RADIUS

  • TACACS

  • SYSLOG

  • NTP

To add new allowed ports to the list:

1. Connect to the command line on the Security Group.

2. Log in to the Expert mode.

3. Edit the $FWDIR/conf/fw_global_params.conf file:

   vi $FWDIR/conf/fw_global_params.conf

4. Add this line:

  • For TCP ports:

    mgmt_forwarding_tcp_ports_list_string="<Port1>,<Port2>,....,<PortN>"

  • For UDP ports:

    mgmt_forwarding_udp_ports_list_string="<Port1>,<Port2>,....,<PortN>"

   Example for TCP ports:

   mgmt_forwarding_tcp_ports_list_string="55010,55011,55012"

5. Save the changes in the file and exit the editor.

6. Copy the modified file to all SGMs in the Security Group:

   g_cp2blades $FWDIR/conf/fw_global_params.conf

7. Apply the new configuration:

   g_all cpha_blade_config fw_global_params_changed
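
The procedure above, as an added example that is not part of the original page and is not Check Point code: a shell helper that validates the port list (integers 1 to 65535, no stray characters) before writing the line from step 4, so a typo is caught before the file is copied to every SGM. The function names, the backup file, and the behaviour of replacing an existing line for the same key are assumptions.

```shell
#!/bin/sh
# Added example (not Check Point code). Validates a port list and writes the
# mgmt_forwarding_<proto>_ports_list_string line from step 4 into a config file.
# Assumption: one line per key; an existing line for the same key is replaced.

# normalize_ports "55012, 55010" -> "55010,55012" (sorted, de-duplicated).
# Returns 1 if any entry is not an integer in 1..65535.
normalize_ports() {
    s=$(printf '%s' "$1" | tr -d ' ')
    case $s in ''|*[!0-9,]*) return 1 ;; esac       # digits and commas only
    list=$(printf '%s\n' "$s" | tr ',' '\n' | sed '/^$/d')
    [ -n "$list" ] || return 1
    for p in $list; do
        case $p in 0*) return 1 ;; esac             # rejects 0 and leading zeros
        [ "${#p}" -le 5 ] && [ "$p" -le 65535 ] || return 1
    done
    printf '%s\n' "$list" | sort -n -u | paste -sd, -
}

# set_mgmt_forwarding <tcp|udp> <port-list> <file>
# Returns 1 for a bad port list, 2 for a bad protocol, 3 for a file error.
set_mgmt_forwarding() {
    case $1 in
        tcp|udp) key="mgmt_forwarding_${1}_ports_list_string" ;;
        *) return 2 ;;
    esac
    ports=$(normalize_ports "$2") || return 1
    file=$3
    [ -f "$file" ] || return 3
    cp -p "$file" "$file.bak" || return 3            # rollback copy
    tmp=$(mktemp "$file.XXXXXX") || return 3
    # Drop any earlier line for this key; grep exit status 1 only means "no output".
    grep -v "^[[:space:]]*$key=" "$file" > "$tmp" || [ $? -eq 1 ] || return 3
    printf '%s="%s"\n' "$key" "$ports" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"             # keeps the file's owner and mode
}

# In Expert mode on the Security Group, followed by steps 6 and 7 from the page:
#   set_mgmt_forwarding tcp "55010,55011,55012" "$FWDIR/conf/fw_global_params.conf" &&
#   g_cp2blades $FWDIR/conf/fw_global_params.conf &&
#   g_all cpha_blade_config fw_global_params_changed
```

Chaining the commands with `&&` means a rejected port list stops the run before anything is copied to the other SGMs.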