This Help topic presents instructions for deploying Extreme Access Control (Access Control) within an MSP (Managed Service Provider) or MSSP (Managed Security Service Provider) environment. It includes the following information:
Configuring Extreme Management Center Behind a NAT Router
If the Extreme Management Center (Management Center) server is located behind a NAT (Network Address Translation) router, use the following steps to add an entry to the nat_config.text file that defines the real IP address for the Management Center server. This allows the Management Center server to convert the NAT IP address received in the Access Control engine response to the real IP address used by the Management Center server.
| NOTE: | The text in the nat_config.text file refers to a remote IP address and a local IP address. For this configuration, the NAT IP address is the remote IP address and the real IP address is the local IP address. |
- On the Management Center server, add the following entry to the <install directory>/appdata/nat_config.text file.
<NAT IP address>=<real IP address> - Save the file.
- Configure your Access Control engines to use the NAT IP address for the IP address of the Management Center server. For information on how to configure or change your engine settings, refer to your Access Control engine Installation Guide.
If you have remote Management Center clients connecting to the NAT IP address, perform the following additional steps.
- On the Management Center (formerly NetSight) server, add the following text to the <install directory>/appdata/NSJBoss.properties file. In the second to last line, specify the hostname of the Management Center server.
# In order to connect to a NetSight server behind a NAT firewall or a
# NetSight server with multiple interfaces you must define these two# variables on the NetSight server. The java.rmi.server.hostname# should be the hostname (not the IP) if multiple IPs are being used# so that each client can resolve the hostname to the correct IP that
# they want to use as the IP to connect to.java.rmi.server.hostname=<hostname of Management Center (NetSight) server>java.rmi.server.useLocalHostname=true - Save the file.
- Add the Management Center server hostname to your DNS server.
Defining Interface Services
The advanced interface configuration mode available in NAC Manager allows you to define which services are provided by each of the Access Control engine's interfaces. This provides the very granular out-of-band management that is often required in MSP or MSSP environments.
For instructions, see the Interface Configuration Window Help topic.
For information on related windows:
