Configuring a firewall bridge server

In a secure environment in which the ObjectServer and probes are separated by a firewall, configure a firewall bridge server so that the probes can connect to the ObjectServer from outside the secure network.

In a standard secure configuration, alerts are forwarded from probes directly to the ObjectServer. If probes are located outside the firewall, the firewall rejects the connections to the ObjectServer. By configuring a firewall bridge server, you can overcome this security restriction.

The firewall bridge consists of two servers: a Server Access Bridge and a Client Access Bridge, which run on either side of the firewall. A communication channel between the two servers is initiated by the Server Access Bridge.

The firewall bridge uses this communication channel to create new data channels between the Server Access Bridge and the Client Access Bridge. Client connections and data can then be sent to the ObjectServer from outside the firewall. Probes still initiate a connection, but it is now made to the local Client Access Bridge, which is situated on the same side of the firewall as the probes. This enables the Client Access Bridge, situated outside the firewall, to provide data flow to the ObjectServer, situated inside the firewall.

The following figure shows the data flow across a firewall between the ObjectServer and two probes located outside the firewall.

Figure 1. Example firewall bridge server architecture
This figure shows how a firewall bridge enables probes to connect to the ObjectServer from outside the secure network.
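
The connection directions described above can be checked against observed traffic. The following is an added example, not part of the product documentation: it audits connection records against the bridge flow model, in which only the Server Access Bridge opens a connection across the firewall and probes connect only to the Client Access Bridge. The host names, the zone layout, the Server Access Bridge to ObjectServer hop, and the sample records are assumptions constructed for illustration.

```python
from typing import NamedTuple

# Hypothetical host names and zone layout, assumed for this example.
SAB = "server-access-bridge"   # inside the firewall, next to the ObjectServer
CAB = "client-access-bridge"   # outside the firewall, next to the probes
INSIDE = {"objectserver", SAB}
OUTSIDE = {CAB, "probe-a", "probe-b"}


class Conn(NamedTuple):
    src: str  # host that initiated the connection
    dst: str  # host that accepted it


def check(conn: Conn) -> str:
    """Return 'ok' or the reason the connection does not fit the bridge model."""
    known = INSIDE | OUTSIDE
    if conn.src not in known or conn.dst not in known:
        return "unknown host"
    src_inside, dst_inside = conn.src in INSIDE, conn.dst in INSIDE
    if not src_inside and dst_inside:
        # Nothing outside may open a connection inward, not even the bridge.
        return "inbound connection across the firewall"
    if src_inside and not dst_inside and (conn.src, conn.dst) != (SAB, CAB):
        # The only crossing path is the one the Server Access Bridge opens.
        return "outbound connection not from Server Access Bridge to Client Access Bridge"
    if not src_inside and not dst_inside and conn.dst != CAB:
        return "outside traffic not addressed to the Client Access Bridge"
    return "ok"


def audit(conns):
    """Return (conn, reason) for every connection that violates the model."""
    return [(c, r) for c in conns if (r := check(c)) != "ok"]


# Constructed sample records, e.g. as distilled from firewall or flow logs.
SAMPLE = [
    Conn("probe-a", CAB), Conn("probe-b", CAB),   # probes use the local bridge
    Conn(SAB, CAB), Conn(SAB, "objectserver"),    # bridge channels (assumed hop to ObjectServer)
    Conn("probe-a", "objectserver"),              # direct probe connection
    Conn(CAB, SAB),                               # channel opened from the wrong side
    Conn("objectserver", CAB),                    # crossing that skips the Server Access Bridge
]

if __name__ == "__main__":
    for conn, reason in audit(SAMPLE):
        print(f"{conn.src} -> {conn.dst}: {reason}")
```

A finding for an inbound connection indicates either a firewall rule that is more permissive than the bridge requires or a probe still configured to reach the ObjectServer directly.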