DX Application Performance Management

Expand all | Collapse all

FW with content filtering between APM agent and EM

Jump to Best Answer
  • 1.  FW with content filtering between APM agent and EM

    Posted 01-11-2016 05:57 AM

    Hi All,

     

    do you know please whether it's possible to set any rule on FW with content filtering that recognize and allow APM communication? as we have a FW with content filtering between APM agent and EM and just allowing TCP/5001 for APM communication is not enough.

     

    if so, what rule should be specified for the content filtering?

     

    thank you,

    stefan



  • 2.  Re: FW with content filtering between APM agent and EM

    Posted 01-11-2016 07:39 AM

    Hi Stefan:

        This is a question more about APM and network interfacing so not sure what sort of answer you will find here. What firewall vendor are you using?

    Thanks

    Hal German



  • 3.  Re: FW with content filtering between APM agent and EM

    Posted 01-11-2016 05:07 PM

    your rule expects the agent port of your manager to be 5001, check that it is the case (if you have a cluster then all the collectors and mom needs to be set with its agent port on 5001)



  • 4.  Re: FW with content filtering between APM agent and EM

    Posted 01-12-2016 09:30 AM

    Stefan:

    Does Fred's answer help or further assistance needed? Dealing with your networking team may help resolve this

     

    Thank

    Hal German



  • 5.  Re: FW with content filtering between APM agent and EM

    Posted 02-12-2016 06:38 AM

    Hi Hallett,

     

    unfortunatelly, Fred just repeated what the default is and i already know and wrote in my post = "just allowing TCP/5001 for APM communication is not enough" in this case.

     

    thank you,

    stefan



  • 6.  Re: FW with content filtering between APM agent and EM
    Best Answer

    Posted 02-12-2016 08:13 AM

    Hi Stefan,

     

    If you really want a firewll to be able to any kind of content filtering, then you should consider using http as your transport layer between the Agent and the EM, as our default Isengard communication protocol is unknown to the rest of mankind and therefore can not be analyzed/filtered, the Firewall needs to consider it as raw TCP.

     

    That being said, can you please explicit what problem you are encountering? As Fred said, a firewall rule needs to be created with the following attributes:

    Source: Any server that has an Agent on it

    Destination: Any Enterprise Manager that the Agents might try to contact on port 5001 by default. (Includes the MOM and the Collectors).



  • 7.  Re: FW with content filtering between APM agent and EM

    Posted 02-15-2016 07:10 AM

    Hi Florian,

     

    yes, i will suggest http as your transport layer to the customer as first step and hopefully we'll find some rule that could be applied for it's content as a second step.

     

    thank you,

    stefan