Internal communications and firewall ports: Difference between revisions

From wiki.comcert.com
 
(17 intermediate revisions by the same user not shown)
Line 2: Line 2:
== Introduction ==
== Introduction ==


These communication must be allowed by every firewall in the path between these devices.  All servers require access to DNS and NTP.  In case of external authentication (LDAPS, RADUIS, ...) access to these authentication servers is required for NGS or NGGM, NGFF and NGLS.  Please note that you may have Flow Collectors (FC) and InfiniSteam (IS) on different locations and on different subnets.  
These intra-nGeniusONE system communications must be allowed by every firewall and ACL in the path between the nGeniusONE servers and its data sources (Flow Collector, InfiniStream, vStream, vStream Agent, ...).  All servers require stable communication with DNS and NTP.  If you choose to use external user authentication (AD, LDAP, RADUIS, TACACS, ...), access to these authentication servers is required only for nGenius Server or nGenius Global Manager, nGenius For Flows and nGenius Local Server.


We recommend you print this page and write the corresponding IP addresses on the map.
Access to all servers is typically done using SSH on Linux (tcp/22) and RDP on Windows (tcp/3389).  InfiniStream and Flow Collector are always Linux-based OS.
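Review bot: The rewritten Introduction paragraph still spells the protocol "RADUIS" (RADIUS) in its list of external authentication options, carried over from the previous revision. The new text also drops the earlier sentence noting that Flow Collectors and InfiniStream may sit at different locations and on different subnets; that caveat is what tells a firewall administrator that the rules have to be repeated per site and per subnet, so consider keeping it. The added access sentence gives ports for SSH (tcp/22) and RDP (tcp/3389), but DNS, NTP and the authentication services are named without any; stating them the same way (for example udp/tcp 53 for DNS and udp/123 for NTP) would make the paragraph usable as a rule checklist. Since this revision removes the advice to annotate a printed copy with IP addresses, it is also worth saying where source and destination addresses should be recorded instead.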


 
 
Line 10: Line 10:
== Solution ==
== Solution ==


=== Standalone nGeniusONE Server (just one nGenius server) ===


=== Standalone nGeniusONE Server ===
<span style="color:#0000FF;">* vSTREAM Agent packet streaming option</span>


Legend:
[[File:NG1Standalone.png|border|center|NG1Standalone.png]]
 
{| border="1" cellpadding="1" cellspacing="1" style="width: 238px;"
|-
| style="width: 52px;" | NGS
| style="width: 173px;" | nGenius Server
|-
| style="width: 52px;" | FC
| style="width: 173px;" | FlowCollector
|-
| style="width: 52px;" | IS
| style="width: 173px;" | InfiniStream/vSTREAM/vSTREAM Agent
|}


&nbsp;
&nbsp;


=== Distibuted nGeniusONE Server ===
=== Distibuted nGeniusONE Server&nbsp;(at least two&nbsp;nGenius servers) ===
 
Legend:
 
{| border="1" cellpadding="1" cellspacing="1" style="width: 238px;"
|-
| style="width: 52px;" | NGGM
| style="width: 173px;" | nGenius Global Manager
|-
| style="width: 52px;" | NGFF
| style="width: 173px;" | nGenius for Flow
|-
| style="width: 52px;" | NGLS
| style="width: 173px;" | nGenius Local Server
|-
| style="width: 52px;" | FC
| style="width: 173px;" | FlowCollector
|-
| style="width: 52px;" | IS
| style="width: 173px;" | InfiniStream/vSTREAM/vSTREAM Agent
|}


&nbsp;
<span style="color:#0000FF;">* vSTREAM Agent packet streaming option&nbsp;</span>


[[File:nGOInternalCommunication.jpg|border|center|nGOInternalCommunication.jpg]]
[[File:NG1Distributed.png|border|center|NG1Distributed.png]]
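Review bot: The new heading "Distibuted nGeniusONE Server (at least two nGenius servers)" keeps the typo from the previous revision; it should read "Distributed". Both legend tables (NGS, NGGM, NGFF, NGLS, FC, IS) are removed in this hunk, so if NG1Standalone.png and NG1Distributed.png label their nodes with those abbreviations, readers no longer have a key on the page; either keep a single merged legend or confirm the new diagrams spell the names out. After this change the actual port requirements exist only inside the two images, which cannot be searched, diffed or copied into a firewall rule set; a text table of source, destination and protocol/port next to each diagram would fix that. The blue "* vSTREAM Agent packet streaming option" line is a footnote to the diagram but now sits above it, and the inline span color styling would be easier to maintain as a plain footnote under the image.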

Latest revision as of 13:16, 15 April 2022

Introduction

These intra-nGeniusONE system communications must be allowed by every firewall and ACL in the path between the nGeniusONE servers and their data sources (Flow Collector, InfiniStream, vStream, vStream Agent, ...). All servers require stable communication with DNS and NTP. If you choose to use external user authentication (AD, LDAP, RADIUS, TACACS, ...), access to these authentication servers is required only for nGenius Server or nGenius Global Manager, nGenius For Flows and nGenius Local Server.

Access to all servers is typically done using SSH on Linux (tcp/22) and RDP on Windows (tcp/3389). InfiniStream and Flow Collector always run a Linux-based OS.

 

Solution

Standalone nGeniusONE Server (just one nGenius server)

* vSTREAM Agent packet streaming option

NG1Standalone.png

 

Distributed nGeniusONE Server (at least two nGenius servers)

* vSTREAM Agent packet streaming option 

NG1Distributed.png