Deploying GSS Devices Behind Firewalls; GSS Firewall Deployment Overview - Cisco GSS-4492R-K9 Administration Manual

Deploying GSS Devices Behind Firewalls

GSS Firewall Deployment Overview

Cisco Global Site Selector Administration Guide
This section describes how to configure your GSS for deployment behind a
firewall. It contains the following topics:
GSS Firewall Deployment Overview
Configuring GSS Devices Behind a Firewall

In addition to the packet-filtering features of the access-list and access-group
commands (see the "Filtering GSS Traffic Using Access Lists" section), you can
also deploy your GSS devices behind an existing firewall on your enterprise
network.

When you configure your GSS for deployment behind a firewall, you must allow
DNS traffic into the device. If you have multiple GSS devices deployed so that
traffic between the devices must pass through a firewall, configure the firewall to
allow inter-GSS communications and inter-GSS status reporting. Depending on
your GSS configuration, you can also allow other traffic to pass through the
firewall. This requirement depends on your GSS configuration (for example, if
you are using TCP-based or KAL-AP keepalives) and the ability to access certain
GSS services through the firewall (for example, SNMP).

The GSS does not support deployment of devices behind a NAT for inter-GSS
communication. The communication between the GSS devices cannot include an
intermediate device behind a NAT because the actual IP address of the devices is
embedded in the payload of the packets.

To configure your firewall to function with a GSS device, follow the guidelines
outlined in Table 5-2 and Table 5-3 to permit inbound and outbound traffic
transmitted to and received from the specified GSS ports. If you are using stateful
firewalls, the rules for return traffic outlined in Table 5-2 and Table 5-3 may not
be required.

In addition, use the access-list and access-group commands to enable authorized
GSS traffic to the specified ports. By default, the GSS interface blocks all ports
not explicitly permitted in your access list once you associate the access list with
an Ethernet interface.

Chapter 5, Configuring Access Lists and Filtering GSS Traffic (OL-10410-01)
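
To illustrate the NAT restriction described above, the following added example (not from the Cisco guide) models a header-only source NAT in front of a peer whose messages carry its actual address in the payload. The Packet layout, function names, receiver checks and all addresses are assumptions made for illustration, not the GSS protocol.

```python
# Added illustration. The message layout and receiver logic are hypothetical;
# they are not the GSS wire format. All addresses are constructed samples.
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str        # IP header source address
    dst: str        # IP header destination address
    device_ip: str  # sender's own address, carried inside the payload


def status_report(sender_ip: str, peer_ip: str) -> Packet:
    """Peer message that embeds the sender's actual address in the payload."""
    return Packet(src=sender_ip, dst=peer_ip, device_ip=sender_ip)


def source_nat(pkt: Packet, inside_net: str, public_ip: str) -> Packet:
    """Header-only source NAT: rewrites pkt.src and never touches the payload."""
    if ipaddress.ip_address(pkt.src) in ipaddress.ip_network(inside_net):
        return replace(pkt, src=public_ip)
    return pkt


def check_peer_message(pkt: Packet, configured_peers: set) -> list:
    """Return the inconsistencies a receiving peer would see (empty = none)."""
    problems = []
    if pkt.device_ip != pkt.src:
        problems.append(f"payload says {pkt.device_ip}, header says {pkt.src}")
    if pkt.src not in configured_peers:
        problems.append(f"header source {pkt.src} is not a configured peer")
    return problems


if __name__ == "__main__":
    peers = {"10.1.1.10"}  # remote peer knows this device by its actual address
    direct = status_report("10.1.1.10", "198.51.100.20")
    natted = source_nat(direct, "10.1.1.0/24", "203.0.113.5")
    for label, pkt in (("filtered only", direct), ("through source NAT", natted)):
        print(label, "->", check_peer_message(pkt, peers) or "consistent")
```

In this model, listing the translated address as the configured peer removes only the second finding; the payload still names an address that differs from the header, which is why a packet-filtering firewall works where a NAT does not.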
