2 altering firewall rules, Altering firewall rules – HP 3PAR Service Processors User Manual

3.3

Displaying Firewall Status or Altering Firewall Rules

3PAR Service Processor User’s Guide

3.2.2 Altering Firewall Rules

It is also possible to use the SP Control FW submenu to add unique IP addresses to the two

logical network interfaces so it may access the Service Processor (SP). These defined

connections are nonvolatile and exist across restarts of the SP.

The two types of logical network interfaces are as follows:

◆

The public interface is connected to the customer’s network, and is where the InServ

Storage Servers are located. It is also the means of connecting with a gateway to the

Internet.

◆

The private interface is used by service providers for access to the SP.

There are two types of workstations that might need access to the Service Processor across the

firewall through these interfaces:

■

The management workstation is a host on the public network with a static IP address. This

management workstation is usually defined as part of the storage server installation and

setup, as described in the 3PAR InServ Storage Server Installation and Deinstallation Guides.

Management workstations enable you at the customer site to access the SP and storage

server from within the customer network.

■

The maintenance workstation is a host on the public network with a static IP address.

Maintenance workstations, when present, enable you to access the SPs and storage servers.

When adding additional management or maintenance workstations, the only protocols

allowed on these additional hosts are SSH and HTTP. Adding these hosts here opens ports 22

and 80 for connections from SSH and HTTP, respectively. These additions are persistent because

upon restart, they are automatically added to the firewall.