mobile client outside private lan

Started by raypetter, February 02, 2014, 07:07:55 PM


raypetter

Hi

I'd rather not put the netxms server in DMZ for security reasons, but I would love to use the mobile client outside our private network.

Any input on how to achieve this would be greatly appreciated.

Marco Incalcaterra

Quote from: raypetter on February 02, 2014, 07:07:55 PM
Hi

I'd rather not put the netxms server in DMZ for security reasons, but I would love to use the mobile client outside our private network.

Any input on how to achieve this would be greatly appreciated.

The mobile client uses port TCP 4701 to connect to the server. To get access you should NAT that port from the public IP address to the server in your internal network.
To have it working properly "inside" and "outside", instead of putting the IP address (Connection|Server in the settings of the mobile console) you should use a FQDN resolved properly via DNS: from external network it has to resolve to the public IP and from internal network it has to resolve to the private IP. This is the way I use it. Hope it helps.

Best regards,
Marco

Marco Incalcaterra

Quote from: Marco Incalcaterra on February 04, 2014, 12:31:00 PM
To have it working properly "inside" and "outside", instead of putting the IP address (Connection|Server in the settings of the mobile console) you should use a FQDN resolved properly via DNS: from external network it has to resolve to the public IP and from internal network it has to resolve to the private IP.

This part should not be necessary if you don't have a restriction on accessing your public IP address from inside your private net.

Best regards,
Marco

Victor Kirhenshtein

Hi!

If your company security policy prohibits traffic forwarding from outside directly to the internal network, we have an experimental client proxy, which can be placed in the DMZ. You can try to build it from the latest sources by giving the --with-client-proxy option to configure.

Best regards,
Victor

possamai

I'm using a VPN connection on my phone whenever I want to use the mobile app.

raypetter

Thanks for all the answers. I'll try out the experimental proxy first, and NAT as a last resort.

raypetter

A follow-up for others who face the same problem. I used rinetd to bind port 4701 from the DMZ to the internal netxms server.

Works like a charm.

Thanks again.
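
An audit for the kind of rinetd forward described in the last post, as an added example that is not part of the thread: it parses a rinetd.conf and reports rules forwarding to port 4701 that accept connections from any source address. The addresses, the log path and the function names are constructed, and the parser assumes classic rinetd syntax (four-field forwarding rules, with allow/deny patterns that are global before the first rule and per-rule after it).

```python
# Added example: audit a rinetd.conf for wide-open forwards of NetXMS port 4701.
# Assumes classic rinetd syntax; all addresses and paths below are constructed.

def parse_rinetd(text):
    """Return forwarding rules with the allow/deny patterns that apply to each."""
    global_acl = {"allow": [], "deny": []}
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] in ("allow", "deny") and len(fields) == 2:
            # ACL lines before the first forwarding rule are global;
            # later ones belong to the most recent forwarding rule.
            target = rules[-1] if rules else global_acl
            target[fields[0]].append(fields[1])
        elif len(fields) >= 4:
            rules.append({"bind": fields[0], "bind_port": fields[1],
                          "dest": fields[2], "dest_port": fields[3],
                          "allow": [], "deny": []})
        # other directives (logfile, ...) do not affect who may connect
    for rule in rules:
        rule["allow"] = global_acl["allow"] + rule["allow"]
        rule["deny"] = global_acl["deny"] + rule["deny"]
    return rules

def audit(text, watch_port="4701"):
    """List findings for rules that forward to watch_port on the internal server."""
    findings = []
    for r in parse_rinetd(text):
        if r["dest_port"] != watch_port:
            continue
        label = f'{r["bind"]}:{r["bind_port"]} -> {r["dest"]}:{r["dest_port"]}'
        if not r["allow"] or any(set(p) <= set("*.") for p in r["allow"]):
            findings.append(f"{label}: no effective allow rule, any source can connect")
        if r["bind"] == "0.0.0.0":
            findings.append(f"{label}: listens on every interface of the DMZ host")
    return findings

OPEN_CONF = """logfile /var/log/rinetd.log
0.0.0.0 4701 10.0.0.10 4701
"""
RESTRICTED_CONF = """logfile /var/log/rinetd.log
192.0.2.10 4701 10.0.0.10 4701
allow 198.51.100.*   # constructed: office / VPN egress range
"""

if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("restricted", RESTRICTED_CONF)):
        print(name, audit(conf) or "no findings")
```

The same check belongs on the firewall in front of the DMZ host, since rinetd's allow rules only filter by source address and add no authentication of their own.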