Table of Contents
Advertisement
Chapter 9: Understanding Scanning Processes in SiteProtector
One Way to Use Perspective
Introduction
Illustration
Explanation
126
This topic provides an example of using perspective to run scans from inside a firewall
and from inside the DMZ.
Figure 24 illustrates a typical scanning environment where one agent (S1) is located
within a DMZ and another agent (S2) is located inside a firewall. With this configuration
you can scan some asset groups from inside your firewall and others from your DMZ:
Figure 24: Using perspective for scanning inside and outside the firewall
To configure an environment such as the one described in Figure 24, you would do the
following:
1. Define perspectives to identify the agents at each place on your network, for example,
InsideFirewall and InsideDMZ.
2. Install agent S1 inside the DMZ, and assign it to the InsideDMZ perspective.
3. Install agent S2 inside the firewall, and assign it to the InsideFirewall perspective.
4. Set up two groups in SiteProtector:
One group contains assets to scan from inside the firewall.
■
One group contains assets to scan from the DMZ.
■
5. Set up a scan control policy for each asset group, assigning the asset groups to the
perspective from which you want to scan.
IBM Internet Security Systems
Advertisement
Table of Contents
