A multiple firewall bridge server configuration

Multiple firewall bridge servers can be configured so that probes can connect to an ObjectServer from across multiple firewalls.

The following figure shows the configuration setup for multiple firewall bridge servers:

Figure 1. A multiple firewall bridge server configuration

The configuration flow is as follows:

 1 

The probe makes an initial connection to the Client Access Bridge server (CLIENT_ACCESS_A) on the external host. It uses the port (10001) and host name (external) associated with the NCOMS server name defined in the omni.dat interfaces file.

 2 

The Client Access Bridge server (CLIENT_ACCESS_A) then requests a new data-flow connection (across Firewall 2) from its associated Server Access Bridge server (SERVER_ACCESS_B) using the existing inter-bridge communication channel.

 3 

The Server Access Bridge server (SERVER_ACCESS_B) makes a new connection to the Client Access Bridge server (CLIENT_ACCESS_B). It uses the port (10001) and host name (dmz) associated with the NCOMS server name defined in the omni.dat interfaces file.

 4 

The Client Access Bridge server (CLIENT_ACCESS_B) then requests a new data-flow connection (across Firewall 1) from its associated Server Access Bridge server (SERVER_ACCESS_A) using the existing inter-bridge communication channel.

 5 

The Server Access Bridge server (SERVER_ACCESS_A) makes a new connection to the ObjectServer (NCOMS) on the internal host. It uses the port and host name associated with NCOMS in the omni.dat interfaces file.

The new connection is acknowledged by the ObjectServer (NCOMS).

 6  and  7 

The Server Access Bridge server (SERVER_ACCESS_A) initiates a new data-flow connection (across Firewall 1) to the Client Access Bridge server (CLIENT_ACCESS_B) and in turn a new connection is made to the Server Access Bridge server (SERVER_ACCESS_B).

 8  and  9 

The Server Access Bridge server (SERVER_ACCESS_B) creates a new data-flow connection (across Firewall 2) to the Client Access Bridge server (CLIENT_ACCESS_A). This connection is acknowledged by the Client Access Bridge and in turn the incoming probe connection is accepted.

Data packets are now routed from the probe along the open connections and data-flow channels initiated by the bridge servers, and finally to the ObjectServer (NCOMS).
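The hop-by-hop resolution of NCOMS described above, as an added Python example that is not part of the product documentation: it parses constructed omni.dat entries for each host and follows the lookups until they reach the ObjectServer, raising an error when a wrong entry sends the chain into a loop. The host name probehost, the ObjectServer port 4100, and the placement of SERVER_ACCESS_B on dmz and SERVER_ACCESS_A on internal are assumptions.

```python
import re

# Matches one omni.dat entry of the form: [NAME] { Primary: host port }
ENTRY = re.compile(r"\[(\w+)\]\s*\{\s*Primary:\s*(\S+)\s+(\d+)\s*\}")

def parse_omni_dat(text):
    """Return {server_name: (host, port)} for each entry in omni.dat text."""
    return {name: (host, int(port)) for name, host, port in ENTRY.findall(text)}

# Constructed omni.dat contents, one per host that resolves NCOMS.
# Port 4100 for the ObjectServer is a constructed value; the page gives none.
OMNI_DAT = {
    "probehost": "[NCOMS]\n{\n\tPrimary: external 10001\n}\n",
    "dmz":       "[NCOMS]\n{\n\tPrimary: dmz 10001\n}\n",
    "internal":  "[NCOMS]\n{\n\tPrimary: internal 4100\n}\n",
}
# What listens on each endpoint in this setup.
LISTENERS = {
    ("external", 10001): "CLIENT_ACCESS_A",
    ("dmz", 10001): "CLIENT_ACCESS_B",
    ("internal", 4100): "NCOMS",
}
# Client Access Bridge -> (paired Server Access Bridge, host it runs on).
# The hosts of the Server Access Bridges are assumptions.
PAIRED = {
    "CLIENT_ACCESS_A": ("SERVER_ACCESS_B", "dmz"),
    "CLIENT_ACCESS_B": ("SERVER_ACCESS_A", "internal"),
}

def trace(start_host, omni_dat=OMNI_DAT, server="NCOMS"):
    """Follow lookups of `server` hop by hop; return the component path."""
    path, host, seen = ["probe"], start_host, set()
    while True:
        if host in seen:
            raise ValueError(f"loop: {server} on {host} never reaches the ObjectServer")
        seen.add(host)
        endpoint = parse_omni_dat(omni_dat[host]).get(server)
        listener = LISTENERS.get(endpoint)
        if listener is None:
            raise ValueError(f"{host}: {server} -> {endpoint} has no listener")
        path.append(listener)
        if listener not in PAIRED:      # reached the ObjectServer
            return path
        bridge, host = PAIRED[listener]
        path.append(bridge)
```

Calling `trace("probehost")` returns the component path in the order of steps 1 to 5; copying the probe host's entry onto the dmz host makes it raise the loop error.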