cancel
Showing results for 
Search instead for 
Did you mean: 

BEA 3600: Security setting enquiry

Recently we have installed a BE Appliance 3600 in our office and I have a question concerning its security configuration. For the 3 usable NICs (eth1 - 3), we have already connected each of them to separate subnets (e.g. subnet A, B, C for easier illustration), wanting to dedicate one NIC for the backup jobs in each subnet. Furthermore, our network environment has assigned one subnet for management purpose, in that case, I will put it as subnet A.

So my question consists of 2 parts: First, right now I can access to the management web GUI via each IP assigned to the NICs (https://<IP address>/appliance/). Does the appliance support to apply a setting that only the IP of eth1 (connected to subnet A) can access the web GUI while the other 2 NICs are solely for backup purpose?

[Here comes the 2nd part:] The same goes for the remote launch. I can successfully use the BkupLnch.rdp shortcut with the above 3 IPs (of course, after making changes to /etc/hosts on my PC). Does it support to set the same restriction?

All in all, what I want to achieve is: only 1 NIC is for management purpose of the whole appliance while the other 2 are for backup of their responsible subnets.

Thank you.

2 Replies

...I'll escalate this for

...I'll escalate this for you...post back if nobody from Symantec replies, because you might then have to log a support call. Either way, please post back with details if these are provided to you!

Thanks!

You can use a particular NIC

You can use a particular NIC for your backup job. Just edit your job, go to the Network and Security section of the job properties and specify the particular NIC that you want to use. You may need to either use the NIC subnet IP addresses in your jobs and/or add the NIC subnet IP addresses to the Hosts file of the appliance and the remote servers. This is because your DNS would probably resolve the server names to the IP addresses of the normal production subnet. I don't think that you can restrict the administrative function to a particular NIC. Why do you need such a restriction?