How do I configure Host Allow to allow or restrict communication between VigilEnt Security Manager a (NETIQKB31944)

  • 7731944
  • 02-Feb-2007
  • 10-Jul-2007

Resolution

goal
How do I configure Host Allow to allow or restrict communication between VigilEnt Security Manager and agents?

goal
Is there a way to allow or deny agent communication with VigilEnt Security Manager?

fact
VigilEnt Security Agent for AS/400 5.3/6.3

fact
VigilEnt Security Agent for iSeries 5.4/7.0

fact
VigilEnt Security Manager 3.0 SR2

fact
VigilEnt Security Manager 4.0

fact
VigilEnt Security Agent for Windows 3.x

fact
VigilEnt Security Agent for Unix 3.x

fix

There are four locations to configure Host Allow (VigilEnt Security Manager communication with agents).

  1. For VigilEnt Security Manager, set Host Allow in VigilEnt Security Manager (core services) to ensure that only the GUI on the local machine may access the core services machine.

    1. To set this, go to the VigilEnt Configuration Utility located under Start | Programs | VigilEnt Security Manager. There is a Host Allow tab that identifies which machines are allowed to communicate with Core Services. Using the loopback address of 127.0.0.1 allows only the local machine to communicate with core services machine.

    2. Also, add the actual IP address of the GUI and the IP address of the machine where core services is installed.

  2. For VigilEnt Security Agent for Windows, edit the file, c:\program files\Pentasafe\VSANT\HostAcess.Reg.

    1. Use the loopback address of 127.0.0.1, indicating that the NT agent on the local machine may only communicate with VigilEnt Security Manager on the local machine. If you are logged onto the network with domain privileges, it will be possible to audit other NT boxes on the domain. However, only VigilEnt Security Manager from the local machine will be able to generate and retrieve those reports.

    2. After editing the file, double click the file from Windows Explorer to update your registry.

  3. For VigilEnt Security Agent for UNIX, edit the file, $PSHOME/os/vsau/bin/userv.allow. In this file, add the IP address.

  4. For VigilEnt Security Agent for iSeries, the AS/400 agent can be configured for allowed VigilEnt users from PSMENU in the green screen environment.

    1. Choose option 70 for Utilities Menu.

    2. Choose option 11 for VigilEnt Agent Access Control. This dialog will enable users to specify the IP address for the VigilEnt Security Manager console.


Additional Information

Formerly known as NETIQKB31944