Cisco Systems OL-11390-01 Network Router User Manual


 
User Guide for Device Fault Manager
OL-11390-01
Chapter 11 Administering DFM (Advanced)
Security Considerations
Secure Socket Layer (SSL)
SSL is an application-level protocol that enables secure transactions of data through privacy,
authentication, and data integrity. It relies upon certificates, public keys, and private keys. You can
enable or disable SSL depending on the need to use secure access.
DFM supports SSL between clients and the server. By default, DFM is not SSL-enabled. For information
on enabling SSL, refer to the Common Services online help.
SNMPv3
Like CiscoWorks Common Services, DFM supports SNMPv3 (authentication and access control, but no
data encryption) between the server and devices to eliminate leakage of confidential information. This provides
packet-level security, integrity protection, and replay protection, but does not encrypt the packets.
Working with Firewalls
DFM will work across firewalls, but you must perform the following two tasks:
Configure the DFM server to use a specific port (outgoing connection)
Configure the firewall to use an automatic established connection (incoming connection)
Step 1 Configure the DfmServer process so it binds to a privileged port, using the pdcmd --port option (see
Table 11-4 on page 11-16 for more pdreg options):
Note The ports and protocols used by CiscoWorks are listed in the Installation and Getting Started
Guide for LAN Management Solution 3.0.
a. Check the flags that are currently set for the DfmServer process, and write them down (you will need
to reset them later):
# NMSROOT/bin/pdreg -l DfmServer
b. Unregister the DfmServer process:
# NMSROOT/bin/pdcmd -u DfmServer