Archive mgmt thru firewall

Unanswered Question
Feb 23rd, 2009

We would like to archive configs and manage inventory with LMS 3.0.1 RME 4.1.1 for devices on protected networks behind a firewall. Telnet may be a no-no; is there a way to use SNMP only, or other protocols, perhaps uni-directional, to accomplish this?

Bruce Summers Mon, 02/23/2009 - 05:19

We are using SSH for archiving the configs. We've got it working on one of our FWSMs (Cisco Cat 6513 FWSM). Continuing the configs presently, but am running into auth problems (again). So, to answer your basic question: yes, you can use SSH to perform archive config. But I wouldn't recommend Telnet (best practices say no).

Joe Clarke Mon, 02/23/2009 - 09:37

No protocol is truly uni-directional. RME uses only SNMP to manage inventory. So if you're allowing SNMP request and reply packets, that should not be a problem. As for configs, it depends on the device. Many support SNMP-triggered TFTP config collection. This means that SNMP is used to set some objects on the device, then the device copies the config back to the RME server using TFTP.

However, if security is a concern, it would be better to use SSH or SCP for your config transport protocol.

