I need your help.
I am deplying a VM protection (Red Hat Enterprise Virtualization) in the Customer’s environment.
The Customer has the following configuration:
CS and MA are located outside of Internal Network.
RHEV Manager Server is located behind the Firewall.
VSA Proxy is a part of the RHEV environment (VM running Linux OS)
I created a Client Group called ‘DMZ’, then I put the VSA proxy to this group.
I also set the Network Route for DMZ group as follows:
- From Infastructure Group - Blocked
Then I set the Network Route for Infastructure group as follows:
- From DMZ Group - Restricted (port 8403)
Is anything alse that I need to do to create a RHEV pseudo-client?
Do you think that this Firewall configuration should work or maybe I should set the Firewall in different way?
Best answer by MichaelCaponView original
From your description and diagram, it looks like this should work as intended.
Setting Infra as blocked will force the VSA (In DMZ Group) to initiate the tunnel connection on 8403 to the Infrastructure Group servers (CS and MA).